Security Vulnerabilities and Countermeasures for Time

Research ArticleSecurity Vulnerabilities and Countermeasures for TimeSynchronization in TSCH Networks

Wei Yang 1 Yadong Wan2 Jie He 2 and Yuanlong Cao1

1School of Soware Jiangxi Normal University Nanchang 330022 China2School of Computer and Communication Engineering University of Science and Technology Beijing Beijing 100083 China

Correspondence should be addressed to Wei Yang ywjxnueducn

Received 20 August 2018 Revised 15 November 2018 Accepted 27 November 2018 Published 10 December 2018

Guest Editor Jiageng Chen

Copyright copy 2018 Wei Yang et alThis is an open access article distributed under the Creative Commons Attribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

Time-slotted channel hopping (TSCH) which can enable highly reliable and low-power wirelessmesh networks is the cornerstoneof current industrial wireless standards In a TSCH network all nodes must maintain high-precision synchronization If anadversary launches a time-synchronization attack on a TSCHnetwork the entire network communication system can be paralyzedThus time-synchronization security is a key problem in this network In this article time synchronization is divided into single-hop pairwise clusterwise and three-levelmultihop according to the network scopeWe deeply analyze their security vulnerabilitiesdue to the TSCH technology itself and its high-precision synchronization requirements and identify the specific attacks then wepropose corresponding security countermeasures Finally we built a test bed using 16 OpenMoteSTM nodes and the OpenWSNsoftware to evaluate the performance of the proposed schemeThe experimental results showed that serious security vulnerabilitiesexist in time-synchronization protocols and the proposed countermeasures can successfully defend against the attacks

1 Introduction

Most industrial applications eg steel mills chemical indus-tries and oil refineries need real-time monitoring andmanagement processes [1 2] Traditionally wired industrialautomation and monitoring systems have been deployed tomonitor temperature pressure or tank-fill levels But it isdifficult and expensive to install communication cables in afactory [3] With the recent advances in wireless technologyindustrial wireless sensor networks (IWSNs) have becomea trend instead of the traditional wired industrial systemsTheir advantages are easier deployment and cheaper mainte-nance In particular they can be used in mobile objects andexplosive environments

As industrial wireless applications have critical require-ments for reliability low power and real-time responserates IWSNs face many challenges Research has shownthat wireless communication is vulnerable to external inter-ference path obstruction and multipath fading Moreovernodes waste considerable energy in idle listening states egIEEE802154-2006 networks [4]

The time-slotted channel-hopping (TSCH) technique canbe applied to low-power and highly reliable wireless meshnetworks All nodes in a TSCH network must maintainhigh-precision synchronization The nodes radios switchon according to the network schedule which can avoididle listening It also uses a channel-hopping technique toimprove the wireless communication reliability Currentlythe TSCH technology is the fundamental for the industrialwireless standards eg ISA10011a [5] WirelessHART [6]and IEEE802154-2015 [7]

Figure 1 shows a sample timeslot-channel schedule in aTSCH network with a 101-slot super-frame The horizontalaxis represents ASN (absolute slot number) value whichindicates how many timeslots have elapsed after the networkformation And the vertical axis represents communicationchannelThe communication of nodes happens in one times-lot and communication channel according to the networkschedule Some nodes can sleep in a specified timeslot tosave energy (eg node B and node D sleep in timeslot 1) Inaddition the network adopts a channel-hopping technologybased on time to improve wireless communication reliability

HindawiWireless Communications and Mobile ComputingVolume 2018 Article ID 1954121 14 pageshttpsdoiorg10115520181954121

2 Wireless Communications and Mobile Computing

Super-frame

ASN=0

A C

C D

DA

Timeslot1 2 3 4 5

0

1

2

3

4

Chan

nel

D

A

CB

ADV BD

AC

99 100

A D

C D

B AA B

AC

Node A

Node B

Data Ack

Data Ack

GT

Figure 1 Sample timeslot-channel schedule in a TSCH network

Overall high-precision time synchronization is the corefeature of TSCH networks

Time synchronization is fundamental for the TSCH-based wireless networks However the time-synchronizationprotocol in TSCH networks focuses on energy efficiencyand clock accuracy while ignoring security issues If anadversary launches a time-synchronization attack on a TSCHnetwork the entire network communication system canbe paralyzed There are some secure time-synchronizationprotocols in WSNs (eg SPS [8] and SMTS [9]) But thosecountermeasures cannot be directly applied to the time-synchronization protocol inTSCHnetworksTheSPS (securepairwise synchronization) protocol [8] is designed to defendagainst the pulse-delay attack in TPSN time synchroniza-tion The SMTS (secured maximum-consensus-based time-synchronization) protocol [9] is designed to defend againstmessage-manipulation attacks inMTS time synchronizationThe time-synchronization protocol in TSCH networks isdifferent from the MTS and TPSN protocol There existdifference security vulnerabilities in the process of timesynchronization And the security countermeasures shouldalso consider the detail of implementation of the time-synchronization protocol It is necessary to research thesecure time synchronization in TSCH-based wireless net-works

In our paper time synchronization in TSCH networks isdivided into single-hop pairwise clusterwise and multihopaccording to the network scope We analyze in detail theirsecurity vulnerabilities due to the high-precision synchro-nization requirements and TSCH protocol itself and identifysome specific attacks and then propose corresponding secu-rity countermeasures

The contributions of the paper are threefold Firstly weanalyze in detail the vulnerability of single-hop pairwisesynchronization and propose security countermeasures that

include an authentication mechanism and a clock-offset filter(COF) algorithm The COF algorithm can filter out time-synchronization packets from malicious nodes Secondly weanalyze in detail the vulnerability of clusterwise synchroniza-tion and propose an improved 120583TESLA scheme that supportsimmediate authentication It does not need to wait until itreceives the disclosed key before authenticating the packetsFinally we analyze in detail the vulnerability of multihopsynchronization and define an error-accumulation attackWe propose a multipath approach based on trust modelingwhich can find a secure path to the root node by establishinga trust model between nodes

A test bed using 16 OpenMoteSTM nodes and theOpenWSN software was built to validate the effectiveness andfeasibility of the security countermeasures

The paper is organized as follows Section 2 introducessecure time-synchronization protocols in wireless sensornetworks Section 3 presents time synchronization in TSCHnetworks and the attack model Sections 4 5 and 6 describesecure pairwise secure clusterwise and securemultihop timesynchronization respectively Section 7 presents the exper-imental evaluation of the secure time synchronization in anetwork with 16 OpenMoteSTM nodes Section 8 presentsa comparison with other secure time-synchronization proto-cols Section 9 concludes the paper

2 Related Work

Huang et al [10] showed the seq num attacks and globaltime attacks on the flooding time-synchronization protocol(FTSP) Then they proposed a series of countermeasureswhich include new root-selection and blacklist filter mech-anisms to protect against the above attacks Zhang et al [11]observed a novel time-synchronization attack (TSA) that canmanipulate the timing information in a smart gridThe attack

Wireless Communications and Mobile Computing 3

can reduce the fault-location performance and disable thevoltage-instability alarm

Ganeriwal et al [8] defined a pulse-delay attack onthe timing-synchronization protocol for sensor networks(TPSN) This attack causes legitimate nodes to calculate anerror clock offset Then they proposed a SPS protocol thatadopts message-authentication codes and end-to-end delay-estimation methods The experiment which is conductedon Mica2 motes shows that SPS can successfully detect theattack

He et al [9] analyzed the vulnerability of the MTS proto-col and described message-manipulation attacks They thenproposed a secure MTS protocol using hardware and logicalclocks to detect the attacks The result showed that the proto-col can quickly compensate the clock offset And they alsoproposed a SATS protocol [12] to protect against message-manipulation attacks in the average-consensus-based time-synchronization (ATS) protocol

Dong et al [13] showed Sybil attacks and compromiseattacks can destroy a distributed time-synchronization pro-tocol They proposed RTSP that employs a graph-theoreticaltechnology to detect attacks But the security mechanismcan not be directly used in centralized time-synchronizationprotocols

Yang et al [14] analyzed the vulnerability of the timing-synchronization protocol in IEEE802154e networks Theypointed out the ASN and timeslot-template synchronizationattack Then they proposed security countermeasures whichfully consider the characteristic of IEEE802154e networks todefend against the attacks However the paper only focusedon secure single-hop synchronization and only simulationswere conducted to verify the effectiveness of the countermea-sures

3 Time Synchronization in TSCH Networks

In this section we briefly describe time synchronizationin TSCH networks Then we present a model for time-synchronization attacks

31 Time-Synchronization Process Every node keeps syn-chronized in TSCH networks and the communication hap-pens in timeslots (eg 15ms long) Before a new nodejoins the network it should receive the enhanced beacon(EB) packets from neighborhood nodes The contents of EBpackets mainly contain Join Priority (JP) value and ASNvalue The new node prefers to choose a neighborhood nodewith a lower JP value to do ASN synchronization

After the node successfully joins the network it needs tomaintain synchronization The timeslots of network nodesshould remain aligned Usually the nodes are equippedwith an inexpensive oscillator to keep time Because ofthe differences in temperature or fabrication there is aclock drift between two oscillators (typically 30 ppm) Sothe nodes need to do device-to-device synchronization tocompensate for the clock offset Every node can use frame-based or acknowledgment-based synchronization methodsto synchronize with the network

Figure 2(a) illustrates a detailed process of frame-basedsynchronization between a transmitter and receiver Thereceiver should turn on the radio a little earlier than thetransmitter The duration is defined as the guard time (GT)And the receiver needs to record the arriving time of theframe Based on (1) the receiver can get the value of clockoffset And the receiver can synchronize to the transmitterwhen it updates the period based on (2) Figure 2(b) illustratesa process of acknowledgment-based synchronization Herethe transmitter is a child node It should first send a requestframe to the receiver The receiver needs to calculate the timeoffset based on (1) And the transmitter gets the time offsetand synchronizes to the receiver based on (2)

119874119891119891119904119890119905 = 119860119903119903119894V119890119905119894119898119890 minus 119879119904119879119909119900119891119891119904119890119905 (1)

119862119906119903119903119890119899119905119875119890119903119894119900119889 = 119873119900119903119898119886119897119875119890119903119894119900119889 + 119874119891119891119904119890119905 (2)

32 Attack Model The Dolev-Yao threat model is a typicalattack model where the attacker can eavesdrop on modifyor forge communication messages in the network Our attackmodel is based on thismodelWe consider two types of attackexternal and internal

In the external attack model an attacker can eavesdropon or modify messages but cannot obtain the secret keySo it is unable to impersonate a legitimate node But aninternal attacker can get a legal identity because it knows thesecret key The compromise attack is a typical internal attackThe compromised node can not only eavesdrop on networkmessages but also forge legitimate network messages Ourpaper will consider the impact of the two types of attacks onthe time-synchronization protocol

4 Secure Pairwise Time Synchronization

Two neighbor nodes usually adopt single-hop pairwise syn-chronization to establish relative clock offsets In this sectionwe first analyze its security in depth and then propose asecurity countermeasure that includes authentication mech-anisms and a COF algorithm

41 Vulnerabilities in Pairwise Synchronization ASN syn-chronization occurs when new nodes join the network Andthe EB packet is an important control packet in the processof ASN synchronization Figure 3 shows the detailed formatof the EB packetThe EB packets mainly contain Join Priority(JP) value ASN value and channel-hopping template infor-mation for a new node to join the network The EB packetmay be encrypted to defend against eavesdrop attacks It onlyadopts a shared key for encryption otherwise it will preventnew nodes from joining the network However from the ASNsynchronization perspective it should adopt a secret key tohide the119860119878119873 value If a new node receives a forged EB packetthat contains a false ASN value it may deduce the wrongchannel frequency for all the given pairwise communicationaccording to (3) This is the first security vulnerability in thesingle-hop pairwise synchronization process

119891119903119890119902119906119890119899119888119910 = (119860119878119873 + 119888ℎ119886119899119899119890119897119874119891119891119904119890119905)16 (3)


Tx Data

Transmitter

GT

RXON Rx Data

Start of slot End of slot

Idle Rx

Process Data

SFR

TsTxoffset

TsRxoffset

TsRxAckDelay

Prepareto Rx

Prepareto Rx

Receiver

AWT

EFR

４1

２1

(a)

Tx DataTransmitter

GT

RXON Rx Data


RXON Rx Ack

Tx Ack

SFR

TsTxoffset

TsRxoffset

TsRxAckDelay

Prepareto Rx

Prepareto Rx

TsTxAckDelay

ReceiverPrepareto Ack

４1 ４2

２1 ２2

(b)

Figure 2 Twomethods in device-to-device synchronization (a) Frame-based synchronization (b) Acknowledgment-based synchronization

Length = 0-2047 Group ID = 1 Type = 1 Sub-IE Content

Bit0-10 11-14 15 Octets2

Sub-ID

SEQNUM

DESTINATIONADDRESS

SOURCEADDRESS Beacon PAYLOAD MIC FCS

MAC HEADER

HeaderIEs

PayloadIEs

AUX SECHEADER

Length Type

MAC HEADER

FRAMECTRL

ASN

Octets 5 1

Join Priority

MFR

Figure 3 Enhanced beacon packet format


In the process of device-to-device synchronization thereceivermay deduce the time offset according to (1)Howeverif an adversary modifies the 119879119904119879119909119900119891119891119904119890119905 value in the timeslottemplate the receiver may calculate an incorrect time offsetaccording to (4) Δ119905 represents the modification size It isdefined as a timeslot-template attack However the attackercannot modify the 119879119904119879119909119900119891119891119904119890119905 value arbitrarily If the valueof Δ119905 is larger than the GT it may have no effect asthe receiver may turn off the radio in this case This isthe second security vulnerability in the single-hop pairwisesynchronization process

119900119891119891119904119890119905 = 119905119894119898119890119877119890119888119890119894V119890119889 minus 119879119904119879119909119900119891119891119904119890119905 + Δ119905 (4)

The pulse-delay attack which was first proposed byGaneriwal et al [8] may destroy device-to-device synchro-nization To quote from Ganeriwal et al [8] ldquoThe adversaryfirst sends jamming signals and replays it after a little delaywhich will cause the receivers to calculate an incorrect clockoffsetrdquo Both the frame-based and acknowledgment-basedways may be affected by this attack This is the third securityvulnerability in the single-hop pairwise synchronizationprocess

42 Secure Pairwise Synchronization In the ASN synchro-nization process a new node may receive a forged EB packetthat contains a false ASN value This occurs when joininga network Fortunately the IETF 6TiSCH working grouprecently made some progress in the secure Join protocol [16]If a new node can securely join a network or choose a legiti-mate time source it can successfully doASN synchronizationTherefore in our study we mainly focus on the second andthird security vulnerabilities in the pairwise synchronizationprocess

Generally all nodes periodically perform device-to-device synchronization with their time parents in TSCHTheoffset is usually less than a threshold when the period ofsynchronization is fixed Therefore the criterion of attacksuccess is that the legitimate node receives a clock offset thatexceeds the threshold value Here we present a mathematicalmodel to describe the device-to-device time-synchronizationprocess (see (5) and (6)) Let 1198791 represent the transmitter-recorded sending time of the synchronization frame and1198771 represent the receiver-recorded receiving time of thesynchronization frame Similarly 1198792 and 1198772 represent therelation time For more detail refer to Figure 2(b) Using(5) and (6) the time offset and transmission delay are easilycalculated

119900119891119891119904119890119905 =(1198771 minus T1) minus (1198792 minus 1198772)

2(5)

119889119890119897119886119910 =(1198771 minus 1198791) + (1198792 minus 1198772)

2 (6)

First let us consider the timeslot-template attack wherean adversary modifies the value of 119879119904119879119909119900119891119891119904119890119905 Assume thatthe receiver is a malicious node that is compromised by anadversary The 119879119904119879119909119900119891119891119904119890119905 value of receiver is modified to119879119904119879119909119900119891119891119904119890119905minus120585 According to (1) the receiver would calculate

a larger offset than the normal case From the perspective ofthe mathematical model the R1 and R2 value increase Thusaccording to (5) and (6) the adversary can conduct the offsetincreases as indicated by (7) but the delay does not increase

119900119891119891119904119890119905 =(1198771 minus 1198791) minus (1198792 minus 1198772)

2+ 120585 (7)

Second the pulse-delay attack may destroy pairwise syn-chronization in TSCH Assuming the adversary introducesdelay Δ The 1198791 1198792 and 1198772 value do not change But the 1198771value may increase to 1198771+Δ According to (5) and (6) it canconduct the offset increases as indicated by (8) and the delayincreases as indicated by (9)

119900119891119891119904119890119905 =(1198771 minus 1198791) minus (1198792 minus 1198772) + Δ

2(8)

119889119890119897119886119910 =(1198771 minus 1198791) + (1198792 minus 1198772) + Δ

2 (9)

In order to defend against time-synchronization attacksin the pairwise synchronization in TSCH a secure algorithmis proposed as shown in Algorithm 1

Our proposed scheme combines the message-integrityauthentication mechanism and COF algorithm In the pro-cess of child node A sending a synchronization request toparent node B it contains random nonce 119873119860 and MAC(message authentication codes) The random nonce 119873119860 isused to protect against a reply attack TheMAC is an effectiveway to defend against an external attack which has beenproved However the adversarymay launch an internal attacksuch as a compromise attack or pulse-delay attack Herewe propose a COF algorithm to protect against the internalattack

The core idea of the COF algorithm is that the synchro-nization packet will be filtered out when the clock offsetor delay is larger than a threshold value Therefore how toaccurately estimate the threshold value is a key issue Let 119876represent clock threshold and 119889lowast represent delay thresholdWhen the period of synchronization 119879 is fixed the 119876 valuecan be estimated based on (10) where 119872119886119909 119889119903119894119891119905 representthe maximum clock drift between two nodes The value of119872119886119909 119889119903119894119891119905 can refer to the crystal manually The value of119889lowast can also be estimated theoretically Ganeriwal et al [8]have proved that the transmission delay usually follows aGaussian distribution Let 119889 represent the delay in the processof exchanging data packets which is calculated accordingto (6) As the delay follows a Gaussian distribution it canconclude that most of the delay is among [119889119886V119892 minus 3120590 119889119886V119892 +3120590] It can reach 997 confidence So the value of 119889 can beestimated theoretically according to (11)

119876 le 119879 lowast119872119886119909 119889119903119894119891119905 (10)

119889lowast = 119889119886V119892 + 3120590 (11)

5 Secure Clusterwise Time Synchronization

In this section we first analyze in detail the vulnerabilityof clusterwise time synchronization and then propose alightweight security countermeasure


1 Node A sends a synchronization request to parent node B2 119860 997888rarr 119861 119860 119861 1198791 119873119860119872119860119862(119870119860119861 119860 119861 1198791 119873119860)3 Node B sends back an ACK message to A4 119861 997888rarr 119860 119861119860 1198791 1198771 1198772 119873119860 119860119862119870

119872119860119862(119870119860119861 119861 119860 1198771 1198772 119873119860 119860119862119870)5 Node A calculates

6 119900119891119891119904119890119905 =(1198771 minus 1198791) minus (1198792 minus 1198772)

2 119889119890119897119886119910 =

(1198771 minus 1198791) + (1198792 minus 1198772)

2

7 if (119900119891119891119904119890119905 le 119876ampampdelay lt= dlowast)8 119862119906119903119903119890119899119905119875119890119903119894119900119889 = 119873119900119903119898119886119897119875119890119903119894119900119889 + 1199001198911198911199041198901199059 else10 Filter out the synchronization packet 119899119906119898 119886119905119905119886119888119896 + +11 if (119899119906119898 119886119905119905119886119888119896 gt 119873)12 Blacklist(B) Send an alarm message to the Root13 end

Algorithm 1 Secure pairwise time synchronization

ADV ADVA

DV

ADVADV

Cluster-head

Child_4

Child_3

Child_6

Child_1

Child_2

Child_5

AD

V

Malicious Node

Forged ADV

Forged ADV

Figure 4 A malicious node can easily forge broadcast time-synchronization packets

51 Vulnerabilities in Clusterwise Synchronization To im-prove the energy efficiency a cluster of nodes in TSCHnetworks may sleep in the given timeslots and wake simulta-neously Many other WSN applications (eg fire monitoringspeed estimating andmovement detection) also need consis-tent distributed coordination and sensing Thus a secure andlow-power clusterwise synchronization protocol is critical

In TSCH networks a node has two methods for main-taining clusterwise time synchronization KA-based andADV-based In the process of KA-based synchronizationevery child node must periodically send a KA packet tothe cluster-head to maintain synchronization ADV-basedsynchronization is different because the cluster-head needsto periodically broadcast a time-synchronization packet tothe child node Vilajosana et al [17] observe that the ADV-based synchronization scheme is more practical and energy

efficient Thus our paper mainly focuses on the securityvulnerability of ADV-based synchronization

The ADV-based synchronization process has no securitymechanisms and in particular no broadcast-authenticationmechanism A malicious node can easily forge broadcasttime-synchronization packets to disturb the clusterwise syn-chronization

Figure 4 shows the scenario of amalicious node launchingan attack on ADV-based clusterwise synchronization Inthe normal case the cluster-head node should periodicallybroadcast an ADV packet All the child nodes receive theADV packet to do synchronization However the maliciousnode launches a time-synchronization attack on child 2 andchild 3 by forging an ADV packet with a strong powerChild 2 and child 3 will calculate a false time offset and maylose synchronization with the cluster-head


Time

Key Chain

Broadcast Packet

Ki- Ki Ki+ Ki+

Pi- Pi+ Pi+

F(Ki) F(Ki+) F(Ki+)

-1 +1 +2

Pi

Figure 5 120583TESLA broadcast-authentication mechanism

In TSCH networks all communications are based onhigh-precision synchronization A false time offset can effec-tively reduce the performance of a cluster network Thusa secure clusterwise synchronization protocol should bedesigned for the TSCH network

52 Secure Clusterwise Synchronization In TSCH networksthe ADV-based synchronization scheme is more energy effi-cient than the KA-based synchronization scheme at makinga cluster of nodes synchronization However it has a serioussecurity vulnerability As it lacks a broadcast-authenticationmechanism amalicious node can easily impersonate a clusterto send false ADV packets Therefore it is necessary to adopta broadcast-authentication mechanism to secure the networkagainst this vulnerability

Generally digital signatures [18] and 120583TESLA [19] aretypical mechanisms for authenticating broadcast packets inWSNs Many studies have shown that digital signaturesare computationally expensive which cannot be used inresource-constrained WSNs The 120583TESLA scheme is basedon symmetric cryptography which introduces low compu-tation and communication overheads However the original120583TESLA scheme exhibits several shortcomings

One critical shortcoming is that the receivers must wait toauthenticate packets until the cluster-head discloses the keyThe longer delay means the receivers need more memory tobuffer the synchronization packets It also increases the riskof denial-of-service (DoS) attacks We propose an improved120583TESLA scheme in which receivers do not need to delayor buffer synchronization packets In the following we firstreview 120583TESLA and then propose an improved 120583TESLAscheme that allows receivers to authenticate most packetsimmediately upon arrival

521 Overview of 120583TESLA The core idea of 120583TESLA isthat every broadcast packet attaches a MAC which is hardto forge The child nodes first buffer the incoming packetsuntil the cluster-head discloses the secret key Only thecluster-head owns the secret key A malicious node can-not forge a legitimate MAC unless it obtains the secretkey K Figure 5 illustrates the original 120583TESLA broadcast-authentication mechanisms In 120583TESLA the time axis isdivided into many equal-length time intervals Every intervalis assigned a different secret keyWhenone ormore broadcast

packets are generated in a time interval it uses the assignedsecret key for authentication

Usually a hash function is adopted to generate a one-way key chain According to (12) all the other keys can becalculated when the last key 119870119899 is selected Depending onthe mathematical properties of the hash function it is easy toauthenticate the current disclosed key by previous keys butit is hard to forge the later keys

119870119890119910119894 = 119867119886119904ℎ (119870119890119910119894 + 1) (119894 = 0 1 119899) (12)

522 Improved 120583TESLA Scheme The shortcoming of theoriginal 120583TESLA scheme is that the receivers must wait untilthey receive the disclosed key before they authenticate thepackets Buffering packets may incur serious DoS attacksand might not be practical for secure time-synchronizationapplicants We propose an improved 120583TESLA scheme thatsupports immediate authentication Its main idea is thatthe cluster-head needs to buffer some packets during aninterval and send the current packet with the hash value of alater packet The receivers can then immediately authenticatecurrent packets according to the hash value of the earlierpacket

Figure 6 shows the improved 120583TESLA scheme for secureclusterwise time synchronization in TSCH networks Thetime is composed of a repeated super-frame The super-frame is divided into many equal-length timeslots (15ms)Packet 119875119895 contains 119872119895 H(119872119895+1) MAC (119870119894minus1 119863119895) and 119870119894minus1Packet119875119895+1 contains119872119895+1 H(119872119895+2)MAC (119870119894119863119895+1) and119870119894When the receivers receive packet 119875119895+1 they can immediatelyauthenticate the current packet using H(119872119895+1) of the earlierpacket

6 Secure Multihop Time Synchronization

In this section we first briefly present the multihop timesynchronization in TSCH and then perform an in-depthsecurity analysis Finally we propose a secure multihopsynchronization method that adopts a multipath schemebased on trust modeling

61 Multihop Synchronization in TSCH Networks The syn-chronization protocol introduced in the above sections aimsto provide a clock offset between neighborhoods of nodesMultihop TSCH networks usually consist of hundreds of


0 1 2 3 4 100

Timesuper-frame super-frame

0 1 2 3 4 100

Pj

Mj

H(Mj+)

MAC(Ki Dj)

Ki-

Pj+

Mj+

H(Mj+)

MAC(Ki+ Dj+)

Ki

Dj Dj+

Figure 6 Improved 120583TESLA for secure clusterwise time synchronization

nodes and the distant child nodes must synchronize withthe network root In the multihop time-synchronizationprocess building a hierarchical network topology is a criticalproblemThe IETF 6TiSCH working group recommends theRPL (routing protocol for low power and lossy networks)[20] (see below) as a routing protocol to build the time-synchronization tree The nodes far away from the rootcan synchronize step by step along the path of the time-synchronization tree

Here we briefly review the RPL for more detail referto [20] The RPL is an IPv6 routing protocol for low-powerand lossy networks (LLNs) where both the routers andsensor nodes are resource-constrained It is a distance-vectorrouting protocol The RPL organizes the network topology asa Destination-Oriented Directed Acyclic Graph (DODAG)using Objective Functions (OFs) IETF 6TiSCH suggestsreusing the DODAG structure ie a nodes routing parentis also its clock source It not only prevents synchronizationloops but also reduces the energy cost to construct thesynchronization tree

62 Vulnerabilities inMultihop Synchronization InmultihopTSCH networks the RPL plays a key role in constructingthe time-synchronization tree The distant child nodes syn-chronize along the edges of the tree Having the procedurego smoothly relies on the assumption that none of theside nodes are malicious Even a single malicious nodealong the multihop path can affect the time-synchronizationperformance Unfortunately the current RPL is not resilientagainst all of the attacks especially the compromise attackThe adversary can easily control or instruct the compro-mised nodes to damage the time-synchronization servicesin an Internet-of-Things (IoT) environment This may causean error-accumulation phenomenon in the multihop timesynchronization

If a compromised node brings an incorrect offset to itsimmediate child node the incorrect offset will propagatealong the time-synchronization tree Because the error-accumulation phenomenon exists in multihop networks thisattack may seriously damage the performance of TSCH

networks which require high-precision synchronization Inthis paper we define this attack as an error-accumulationattack

Figure 7 illustrates the impact of an error-accumulationattack on multihop synchronization in a TSCH network Thenetwork consists of five nodes The root node is the referenceclock source for the network Node A1 is the immediate childnode of the root And node A2 is the immediate child nodeof A1 etc As the phenomenon of clock drift exists nodesneed to synchronize periodically Right before synchronizinga clock offset exists between the node and its clock source(eg 200 s) Assume the GT is set to 1000 s This means thenode may lose synchronization if the clock offset is biggerthan 1000 s

We assume that at some point each node will syn-chronize just before its clock-source neighbor does Thephenomenon of the top half of Figure 7(a) may occur ie theclock offset is 200 s between each node and its clock sourceLet us further assume that the nodes synchronize from leftto right ie A1 synchronizes with the root and then A2synchronizes with A1 After the node A3 synchronizationthe clock offset is about 800 s between A4 and A3 Becausethe clock offset is lower than the GT it can successfullysynchronize

In the malicious setting node A1 is a compromisednode as illustrated in Figure 7(b) The clock offset betweencompromised node A1 and the root may be 600 s if A1waits a long time before synchronizing The clock offsetfor each pair of legitimate neighbor nodes is 200 s If thenodes synchronize from left to right the last node A4 maylose synchronization After the node A3 synchronization theclock offset between nodes A3 and A4 reaches 1200 s (largerthan the GT) This example fully shows the vulnerability ofmultihop synchronization in TSCH networks The securityof multihop synchronization must be enhanced for TSCHnetworks to be resilient against attacks

63 Secure Multihop Synchronization The error-accumu-lation attack seriously threatens multihop synchronization inTSCH networks To effectively defend against such attacks


Root A1 A2 A3 A4

A1A2

A3A4

200us200us

200us200us

1000us

Root A1 A2 A3 A4

1000us

Root

offse

toff

set

(a)

Root A1 A2 A3 A4

Root

A1A2

A3A4

600us

200us200us

200us1000us

Root A1 A2 A3

A4

offse

toff

set

1000us

1200us

Lose Sync

(b)

Figure 7 Error-accumulation attack onmultihop synchronization in TSCH (a) In the nonmalicious setting (b) Under themalicious setting

1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

Path_2Path_1 Path_3

Compromised node

Normal node Path Indicate

Link Indicate

Figure 8 Diagram of multipath-based time synchronization

we propose a multipath time-synchronization scheme basedon trust modelingThe scheme can ensure that the nodes canfind a secure path to the root nodes by establishing a trustmodel Figure 8 shows node 10 finding a secure path to node1 bypassing compromised node 3 If node 10 chooses Path 1for synchronization compromised node 3 can easily damagethe multihop synchronization If node 10 chooses Path 2or Path 3 for synchronization it will be successful Thuschoosing a secure path from multihop paths is a challengeOur paper proposes a scheme based on a trust model to solvethis problem

Here we adopt an entropy-based trust model proposedby Sun et al [21] They proposed four axioms and derived amethod for calculating a trust value as follows

119875 119860 119883 119886119888119905119894119900119899 =1 + sum119868119895=1 120573

119905119888minus119905119895119896119895

2 + sum119868119895=1 120573119905119888minus119905119895119873119895

(13)

where 119905119895 represents the observation time 119905119888 represents thecurrent time 119896119895 and119873119895 represent action times and 0 le 120573 le 1is the remembering factor

The trust model quantifies the trust relationship betweennodes The trust values can be used to determine whether anode is legitimate or malicious When a node has multipleneighbor nodes it should select the node which owns the

maximum trust value as the forward node This way it canbypass malicious nodes Let 119899119906119898119879119909 119860 represent the totalnumber of packets sent by node A 119899119906119898119879119909 119870 representthe number of packets forwarded through node K and119899119906119898119879119909 119870 119860119862119870 represent the number of packets successfullyforwarded through node K

In our paper the source of the nodes trust value is mainlyconsidered from two aspects One is the packet-forwardingrate 1199031198861199051198901 = 119899119906119898119879119909 119870119899119906119898119879119909 119860 it reflects the cooperativerelationship of the nodes The other is the packet-forwardingsuccess rate 1199031198861199051198902 = 119899119906119898119879119909 119870 119860119862119870119899119906119898119879119909 119870 The trustvalue of a node is 119879119889 = 1205791119879

119908 + 1205792119879119903 where 1205791 1205792 isin [0 1] and

1205791 + 1205792 = 1 119879119908 can be calculated according to (14) and 119879119903

can be calculated according to (15)

119879119908 = 119875 119860 119870 1199031198861199051198901

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119860

(14)

119879119903 = 119875 119860 119870 1199031198861199051198902

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870 119860119862119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

(15)


Node A observes node K at frequent intervals 119866119860(119905119895)represents the observation time of nodeA where 119895 = 1 2sdotsdotsdot 119868119866119860(119905119888) represents the current time 120573 is the rememberingfactor The entropy-based trust model can bypass maliciousnodes and find a secure path between a distant node andthe root node However the value of 120573 needs to be adjustedaccording to practical network applications

7 Experiment Evaluation

In this section we perform an evaluation through realexperiments on a network of 16 OpenMoteSTM nodesrunning OpenWSN [22] In the following we first introducean OpenMoteSTM node the OpenWSN software and theexperimental setup Then we show the performance evalu-ation result of the proposed scheme

71 OpenMoteSTM Nodes and OpenWSN Soware To ver-ify the effectiveness of the proposed scheme a low-powerwireless sensor node called OpenMoteSTM was designedFigure 9 shows the detailed structure of an OpenMoteSTMnode It incorporates a high-performance ARM-based 32-bitmicrocontroller and a short range radioThemicrocontroller(STM32F103) can operate at 72MHzwith 64 kB of embeddedSRAM and 512 kB of flash It has a variety of peripherals egGPIOs UART SPI ADC and a timer

The radio (AT86RF231) operates in 24GHz and fully sup-ports the IEEE802154-2006 standard The OpenMoteSTMnode is also equipped with a 32768kHz crystal to drivethe microcontroller timers Because of the difference inmanufacturing and working temperatures the crystal has atypical drift of up to 30 ppm

OpenWSN [22] is open-source software developed byUCB which support the IEEE802154e TSCH protocol Theoriginal OpenWSN implements time synchronization inTSCH but has no security mechanisms Currently Open-WSN can support a variety of hardware platforms egGuidance and Inertial Navigation Assistant (GINA) TelosBand OpenMoteSTM nodes It also offers the OpenVisualizersoftware which can show the internal state (neighbor tablescheduling table error reports etc) of each node in thenetwork

72 Experimental Setup Figure 10 shows the test-bed sce-nario The OpenMoteSTM nodes which hang from thetesting shelf are all connected to the USB hub by USBlines It not only provides power to every node but alsocan view the state of the nodes through the OpenVisualizersoftware

OpenWSN implements a time-synchronization protocolin TSCH It adopts a hard-coded resource-scheduling algo-rithm [23] where a slotframe consists of 11 timeslots The firsttimeslot is allocated for EB packets And there are five sharedtimeslots allocated for data packets The period for sendingEB packets is set to 10 s However the original OpenWSNdoes not adopt any security mechanisms We added code toimplement the proposed security scheme on the OpenWSNplatform

73 Performance Evaluation Here we adopt the followingmetrics for performance evaluation synchronization errorenergy consumption and synchronization rateThe synchro-nization error reflects the synchronization precision in theprocess of synchronization The energy consumption is a keymetric in resource-constrained WSNs which directly deter-mines the feasibility of the scheme The synchronization ratecan reflect the percentage of nodes successfully synchronizingto the networks Next we will carefully analyze the perfor-mance of the secure pairwise and multihop synchronization

731 Secure Pairwise Time Synchronization We adopted apair of OpenMoteSTM nodes to evaluate the performance ofsecure pairwise time synchronization We introduce node Aand node B Node A needs to synchronize with node B at aperiod of 5 s The GT is set to 1ms Assuming the adversaryintermittently launches a pulse-delay attack the synchroniza-tion error may vary with time In real deployment the attackparameter Δ is set to 08ms

Figure 11 shows that the comparison of synchronizationerror values in both the nonmalicious and malicious settingsIn the nonmalicious setting the value on the vertical axis isalmost below 01ms in both the original and our proposedscheme This illustrates that our proposed scheme does notaffect the synchronization error And we used a green waveline to show the fluctuation of the synchronization errorThe synchronization error may increase with time becauseof the clock drift of each pair of nodes After synchroniz-ing child node A compensates its clock according to (2)Thus the synchronization error is reduced to a very smallvalue

In the malicious setting (where Δ119905 is set to 08ms) thesynchronization error is very different between the originaland our proposed scheme Figure 11 shows the maximumvalue of the synchronization error almost reaches 09msin the original scheme However it only rises slightly inour proposed scheme because our proposed scheme cansuccessfully detect the delay attack using the threshold-filtermechanism As we know the period of synchronization inour experiment is 5 s According to (10) threshold Q iscalculated to be 03ms when 119872119886119909 119889119903119894119891119905 sets 60 ppm (atypical value) In our proposed scheme when nodeA receivesa synchronization packet from the malicious node whoseclock offset is larger than threshold Q it will ignore the packetand increase the number of attacks In the real experimentthe attack parameter Δ119905 is 08ms larger than the thresholdQ Therefore the synchronization packet will be ignoredand the synchronization error may go up a little with theclock drift of the pair of nodes The experimental resultsnot only show the impact of the attack but also validate theeffectiveness of our proposed scheme

Energy consumption is a key metric in resource-constrained WSNs which directly determines the feasibilityof our schemeThe secure pairwise synchronization proposedin our paper adopts encryption and authentication mecha-nisms to protect against attacks In the ASN synchronizationprocess an EB packet may be encrypted using a shared keyto defend against eavesdrop attacks The device-to-device


Crystal

USB to UART Debug

MCU STM32F103 Radio AT86RF231

TX

RX

AES

SPI BufSPIClock

UART JTAG

Figure 9 Structure of an OpenMoteSTM node

Figure 10 Test-bed implementation of time synchronization inTSCH networks

Table 1 Energy consumption in different security modes

Security Mode EnergyNo Security 156 120583JEncryption 171 120583JAuthentication 192 120583JEncryption + Authentication 207 120583J

synchronization process needs message-integrity authentica-tion to defend against attacks OpenMoteSTM nodes adoptan AT86RF231 radio which supports hardware-acceleratedencryption and authentication The AT86RF231 radio usesthe Electronic Codebook (ECB) mode to encrypt messagesand the Cipher Block Chaining (CBC) mode to generate theMAC

The typical operating voltage 119880 of a node is 33 V Theoperating current can be measured by a current probe Theenergy consumption can be calculated according to

119864 = 119880 lowast 119868 lowast 119879 (16)

Table 1 illustrates the energy consumption in differentsecurity modes when the node transmits a 16-byte mes-sage The energy consumption in the encryption mode onlyincreases 9 compared to the no-security mode However it

12

11

1

09

08

07

06

05

04

03

02

01

0

sync

hron

izat

ion

erro

r (m

s)

0 10 20 30 40 50 60 70 80 90 100

Time (s)

Without AttackOriginal under AttackProposed under Attack

Figure 11 The comparison of synchronization error values underthe different scenarios

may increase 23 in the authentication mode Generally thedevice-to-device synchronization period is about 16 s Thusthe energy consumption may not increase significantly fromthe network life cycle

732 Secure Multihop Time Synchronization We imple-mented a test bed as illustrated in Figure 10 to evaluatethe effectiveness of secure multihop time synchronizationThe real experiment uses 16 OpenMoteSTM nodes to builda three-hop-deep wireless network The multihop networkadopts the RPL to build the time-synchronization tree

In the nonmalicious setting all nodes are legitimateThe nodes far away from the root can synchronize step bystep along the path of the time-synchronization tree Thepairs of neighborhood nodes use acknowledgment-basedsynchronization The period of synchronization is set to 10s and the GT is set to 1ms In the malicious setting acompromised node launches an error-accumulation attack


2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(a)

2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(b)

Figure 12 The synchronization error and synchronization rate vary with time in malicious settings (a) Original scheme (b) Our proposedscheme

In real deployment the compromised node intermittentlylaunches attacks

Figure 12 illustrates that the synchronization error andsynchronization rate vary with time in malicious settingsThe experiments were run 30 times and the average valuewas calculated Figure 12(a) indicates the fluctuation of thesynchronization error of the nodes and the synchronizationrate in the original scheme In the 0-100 s interval theaverage synchronization error of the network stayed in arelatively stable state and the value was less than 055msThe synchronization rate almost reaches 99 It indicates allnodes synchronize to the network In the 100-150 s intervalthe malicious node launches an error-accumulation attackThe average synchronization error of the network increasesrapidly And the synchronization rate drops to about 90as some nodes have lost synchronization In the 150-200 sinterval the synchronization error and synchronization ratereturn to the normal level as the malicious node stops attack-ing Figure 12(b) indicates the fluctuation of the synchroniza-tion error of the nodes and the synchronization rate in ourproposed scheme In the 0-100 s the average synchronizationerror and synchronization rate matched those for the originalscheme It illustrates that our proposed scheme does notaffect the synchronization error In the 100-150 s intervalthe malicious node launches an error-accumulation attackCompared to the original scheme the impact of attackson the synchronization error and network synchronizationrate is much smaller And in the 150-400 s interval thesynchronization error and network synchronization rate stayin the normal level because our proposed scheme can ensurethat the nodes can bypass the malicious node and find asecure path to the root nodes

8 Comparison with Related Protocols

Time-synchronization protocols in WSNs usually divide intotwo categories centralized synchronization and distributedsynchronization And secure time-synchronization protocolscan also be divided into two categories Table 2 showsthe comparison of different secure time-synchronizationprotocols He et al [12] analyzed the vulnerability of theATS protocol and described message-manipulation attacksThey then proposed a SATS (secure ATS) protocol using

hardware and logical clocks to detect the attacks The resultshowed that the SATS protocol can successfully defendagainst message-manipulation attacks Ganeriwal et al [8]pointed out the possible attacks on TPSN such as a forgeand modify attack pulse-delay attack and compromiseattack These attacks can mislead legitimate nodes to cal-culate an error clock offset They then proposed a SPSprotocol which adoptedmessage-authentication and end-to-end delay-estimation methods to defend against the aboveattacks The experiments showed that SPS can successfullyprotect against the attacks Maximum-consensus-based timesynchronization (MTS) is a typical distributed synchroniza-tion in WSNs An adversary may easily destroy the MTSprotocol by launching message-manipulation attacks Thenoise-resilient MTS (NMTS) protocol [15] which adoptedskew estimation clock skew and offset compensation mech-anisms can successfully defend against the attacks How-ever the above secure protocols cannot be directly appliedto the time-synchronization protocol in TSCH networksThe time-synchronization protocol in TSCH networks isdifferent from the ATS MTS and TPSN protocol Thereexist difference security vulnerabilities in the process of timesynchronization To the best of our knowledge the currentarticle is the first to provide an in-depth security analysis ofthe time synchronization in TSCH networks We conductedan in-depth security analysis of the single-hop pairwiseclusterwise and multihop time synchronization The adver-sary may easily destroy the time-synchronization protocolby launching the reply attack pulse-delay attack timeslot-template attack and error-accumulation attack Securitycountermeasures which include authentication mechanismsthe COF algorithm improved 120583TESLA and the multipathapproach based on trust modeling were proposed to protectagainst those attacks The experimental results validated theeffectiveness and feasibility of the security countermeasuresMoreover the energy cost of our proposed protocol is verylow

9 Conclusions

The current time-synchronization protocol in TSCH net-works has security vulnerabilities and is easily exploited byadversaries We developed a suite of protocols for secure


Table 2 Comparison of different secure time synchronization protocols

Secure Protocols SATS [12] SPS [8] NMTS [15] Our Proposed

Time SynchronizationATS

(DistributedSynchronization)

TPSN(Centralized

Synchronization)

MTS(Distributed

Synchronization)

TSCH(Centralized

Synchronization)

Vulnerabilities

Reply AttackPulse-Delay Attack

Message ManipulationAttack

ForgeModify AttackPulse-Delay AttackCompromise Attack

Pulse-Delay AttackMessage Manipulation

Attack


Timeslot-template AttackError-accumulation Attack

Countermeasures Logical Clock CheckingHardware Clock Checking

EncryptionAuthentication

120583TESLA

Maximum ConsensusSkew Estimation

Offset Compensation

AuthenticationCOF Algorithm

Improved 120583TESLAMultipath Approach

Energy Cost High Medium High Low

pairwise secure clusterwise and secure multihop time syn-chronization

We conducted an in-depth security analysis of the single-hop pairwise time synchronization and proposed a securitycountermeasure that includes authentication mechanismsand a COF algorithm The COF algorithm produced afilter based on a typical clock model to filter out time-synchronization packets from malicious nodes it was usedto defend against timeslot-template attacksThe experimentalresults showed that the synchronization error was very loweven in the malicious settings

In clusterwise time synchronization an adversary caneasily forge broadcast time-synchronization packets to dis-turb normal synchronization We proposed an improved120583TESLA scheme that supports immediate authenticationThe receivers did not need to wait a long time to receive thedisclosed key and authenticate the packets We provided anin-depth security analysis of multihop time synchronizationand described an error-accumulation attack We proposed amultipath approach based on trust modeling which couldfind a secure path to the root node by establishing a trustmodel between nodes Finally a test bed using 16 Open-MoteSTM nodes and the OpenWSN software was built Theexperimental results validated the effectiveness and feasibilityof the security countermeasures

Data Availability

The data used to support the findings of this study areavailable from the corresponding author upon request

Conflicts of Interest

The authors declare that they have no conflicts of interest

Acknowledgments

This work is supported by the National Natural ScienceFoundation of China under Grant No 61741125 the Nat-ural Science Foundation of Jiangxi Province under GrantNo 20171BAB212014 and the National High Technology

Research and Development Program under Grant No2014AA041801-2

References

[1] Z Sheng C Mahapatra C Zhu and V C Leung ldquoRecentadvances in industrial wireless sensor networks toward efficientmanagement in IoTrdquo IEEE Access vol 3 pp 622ndash637 2015

[2] Q-P Chi H-R Yan C Zhang Z-B Pang and L D Xu ldquoAreconfigurable smart sensor interface for industrialWSN in IoTenvironmentrdquo IEEE Transactions on Industrial Informatics vol10 no 2 pp 1417ndash1425 2014

[3] G Han L Liu J Jiang L Shu and G Hancke ldquoAnalysisof energy-efficient connected target coverage algorithms forindustrial wireless sensor networksrdquo IEEE Transactions onIndustrial Informatics vol 13 no 1 pp 135ndash143 2017

[4] IEEE Standard 802154-2006 ldquoIEEE Standard for InformationTechnology Local and Metropolitan Area Networks WirelessMedium Access Control (MAC) and Physical Layer (PHY)Specifications for Low Rate Wireless Personal Area Networks(WPANs)rdquo 2006

[5] International Society of Automation ldquoISA-10011a-2011 Wire-less systems for industrial automation process control andrelated applicationsrdquo 2011

[6] HART Communication Foundation ldquoWirelessHART Speci-fication 75 TDMA Data-Link Layerrdquo IEEE Transactions onVehicular Technology 2008

[7] IEEE Standard 802154-2015 ldquoIEEE 802154-2015 IEEEApproved Draft Standard for Low-Rate Wireless Personal AreaNetworks (WPANs)rdquo 2015

[8] S Ganeriwal C Popper S Capkun and M B SrivastavaldquoSecure Time Synchronization in Sensor Networksrdquo ACMTransactions on Information and System Security vol 11 no 4pp 23ndash57 2008

[9] J He J Chen P Cheng et al ldquoSecure time synchronizationin wireless sensor networks A maximum consensus-basedapproachrdquo IEEE Transactions on Parallel amp Distributed Systemsvol 25 no 4 pp 1055ndash1065 2014

[10] D-J Huang W-C Teng and K-T Yang ldquoSecured floodingtime synchronization protocol with moderatorrdquo InternationalJournal of Communication Systems vol 26 no 9 pp 1092ndash11152013


[11] Z Zhang S Gong A D Dimitrovski and H Li ldquoTimesynchronization attack in smart grid Impact andanalysisrdquo IEEETransactions on Smart Grid vol 4 no 1 pp 87ndash98 2013

[12] J He P Cheng L Shi and J Chen ldquoSATS secure average-consensus-based time synchronization in wireless sensor net-worksrdquo IEEE Transactions on Signal Processing vol 61 no 24pp 6387ndash6400 2013

[13] W Dong and X Liu ldquoRobust and secure time-synchronizationagainst Sybil attacks for sensor networksrdquo IEEE Transactions onIndustrial Informatics vol 11 no 6 pp 1482ndash1491 2015

[14] WYang YWan andQWang ldquoEnhanced secure time synchro-nisation protocol for IEEE802154e-based industrial Internet ofThingsrdquo IET Information Security vol 11 no 6 pp 369ndash3762017

[15] J He X Duan P Cheng L Shi and L Cai ldquoDistributed timesynchronization under bounded noise in wireless sensor net-worksrdquo in Proceedings of the 2014 IEEE 53rd Annual Conferenceon Decision and Control (CDC) pp 6883ndash6888 Los AngelesCA USA December 2014

[16] D Dujovne T Watteyne X Vilajosana and P Thubertldquo6TiSCH Deterministic IP-enabled industrial internet (ofthings)rdquo IEEE Communications Magazine vol 52 no 12 pp36ndash41 2014

[17] X Vilajosana Q Wang F Chraim T Watteyne T Chang andK S J Pister ldquoA realistic energy consumption model for TSCHnetworksrdquo IEEE Sensors Journal vol 14 no 2 pp 482ndash4892014

[18] K-A Shim Y-R Lee and C-M Park ldquoEIBAS an efficientidentity-based broadcast authentication scheme in wirelesssensor networksrdquo Ad Hoc Networks vol 11 no 1 pp 182ndash1892013

[19] K Ren S Yu W Lou and Y Zhang ldquoMulti-user broadcastauthentication in wireless sensor networksrdquo IEEE Transactionson Vehicular Technology vol 58 no 8 pp 4554ndash4564 2009

[20] T Winter P Thubert A Brandt et al ldquoRPL IPv6 RoutingProtocol for Low-Power and Lossy Networksrdquo RFC EditorRFC6550 2012

[21] Y L SunW Yu and Z Han ldquoInformation theoretic frameworkof trust modeling and evaluation for ad hoc networksrdquo IEEEJournal on Selected Areas in Communications vol 24 no 2 pp305ndash315 2006

[22] T Watteyne X Vilajosana B Kerkez et al ldquoOpenWSNa standards-based low-power wireless development environ-mentrdquo European Transactions on Telecommunications vol 23no 5 pp 480ndash493 2012

[23] T Zhang T Gong C Gu et al ldquoDistributed Dynamic PacketScheduling for Handling Disturbances in Real-Time WirelessNetworksrdquo in Proceedings of the 2017 IEEE Real-Time andEmbedded Technology and Applications Symposium (RTAS) pp261ndash272 Pittsburg PA USA April 2017

International Journal of

AerospaceEngineeringHindawiwwwhindawicom Volume 2018

RoboticsJournal of

Hindawiwwwhindawicom Volume 2018


Active and Passive Electronic Components

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwwwhindawicom

Volume 2018

Hindawi Publishing Corporation httpwwwhindawicom Volume 2013Hindawiwwwhindawicom

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of



Journal ofEngineeringVolume 2018

SensorsJournal of



RotatingMachinery


Modelling ampSimulationin EngineeringHindawiwwwhindawicom Volume 2018


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation


Hindawi

wwwhindawicom Volume 2018

Advances in

Multimedia

Submit your manuscripts atwwwhindawicom


Super-frame

ASN=0

A C

C D

DA

Timeslot1 2 3 4 5

0

1

2

3

4

Chan

nel

D

A

CB

ADV BD

AC

99 100

A D

C D

B AA B

AC

Node A

Node B

Data Ack

Data Ack

GT

Figure 1 Sample timeslot-channel schedule in a TSCH network

Overall high-precision time synchronization is the corefeature of TSCH networks

Time synchronization is fundamental for the TSCH-based wireless networks However the time-synchronizationprotocol in TSCH networks focuses on energy efficiencyand clock accuracy while ignoring security issues If anadversary launches a time-synchronization attack on a TSCHnetwork the entire network communication system canbe paralyzed There are some secure time-synchronizationprotocols in WSNs (eg SPS [8] and SMTS [9]) But thosecountermeasures cannot be directly applied to the time-synchronization protocol inTSCHnetworksTheSPS (securepairwise synchronization) protocol [8] is designed to defendagainst the pulse-delay attack in TPSN time synchroniza-tion The SMTS (secured maximum-consensus-based time-synchronization) protocol [9] is designed to defend againstmessage-manipulation attacks inMTS time synchronizationThe time-synchronization protocol in TSCH networks isdifferent from the MTS and TPSN protocol There existdifference security vulnerabilities in the process of timesynchronization And the security countermeasures shouldalso consider the detail of implementation of the time-synchronization protocol It is necessary to research thesecure time synchronization in TSCH-based wireless net-works

In our paper time synchronization in TSCH networks isdivided into single-hop pairwise clusterwise and multihopaccording to the network scope We analyze in detail theirsecurity vulnerabilities due to the high-precision synchro-nization requirements and TSCH protocol itself and identifysome specific attacks and then propose corresponding secu-rity countermeasures

The contributions of the paper are threefold Firstly weanalyze in detail the vulnerability of single-hop pairwisesynchronization and propose security countermeasures that

include an authentication mechanism and a clock-offset filter(COF) algorithm The COF algorithm can filter out time-synchronization packets from malicious nodes Secondly weanalyze in detail the vulnerability of clusterwise synchroniza-tion and propose an improved 120583TESLA scheme that supportsimmediate authentication It does not need to wait until itreceives the disclosed key before authenticating the packetsFinally we analyze in detail the vulnerability of multihopsynchronization and define an error-accumulation attackWe propose a multipath approach based on trust modelingwhich can find a secure path to the root node by establishinga trust model between nodes

A test bed using 16 OpenMoteSTM nodes and theOpenWSN software was built to validate the effectiveness andfeasibility of the security countermeasures

The paper is organized as follows Section 2 introducessecure time-synchronization protocols in wireless sensornetworks Section 3 presents time synchronization in TSCHnetworks and the attack model Sections 4 5 and 6 describesecure pairwise secure clusterwise and securemultihop timesynchronization respectively Section 7 presents the exper-imental evaluation of the secure time synchronization in anetwork with 16 OpenMoteSTM nodes Section 8 presentsa comparison with other secure time-synchronization proto-cols Section 9 concludes the paper

2 Related Work

Huang et al [10] showed the seq num attacks and globaltime attacks on the flooding time-synchronization protocol(FTSP) Then they proposed a series of countermeasureswhich include new root-selection and blacklist filter mech-anisms to protect against the above attacks Zhang et al [11]observed a novel time-synchronization attack (TSA) that canmanipulate the timing information in a smart gridThe attack












119874119891119891119904119890119905 = 119860119903119903119894V119890119905119894119898119890 minus 119879119904119879119909119900119891119891119904119890119905 (1)

119862119906119903119903119890119899119905119875119890119903119894119900119889 = 119873119900119903119898119886119897119875119890119903119894119900119889 + 119874119891119891119904119890119905 (2)






119891119903119890119902119906119890119899119888119910 = (119860119878119873 + 119888ℎ119886119899119899119890119897119874119891119891119904119890119905)16 (3)


Tx Data

Transmitter

GT

RXON Rx Data


Idle Rx

Process Data

SFR

TsTxoffset

TsRxoffset

TsRxAckDelay

Prepareto Rx

Prepareto Rx

Receiver

AWT

EFR

４1

２1

(a)

Tx DataTransmitter

GT

RXON Rx Data


RXON Rx Ack

Tx Ack

SFR

TsTxoffset

TsRxoffset

TsRxAckDelay

Prepareto Rx

Prepareto Rx

TsTxAckDelay


４1 ４2

２1 ２2

(b)



Bit0-10 11-14 15 Octets2

Sub-ID

SEQNUM

DESTINATIONADDRESS


MAC HEADER

HeaderIEs

PayloadIEs

AUX SECHEADER

Length Type

MAC HEADER

FRAMECTRL

ASN

Octets 5 1

Join Priority

MFR




119900119891119891119904119890119905 = 119905119894119898119890119877119890119888119890119894V119890119889 minus 119879119904119879119909119900119891119891119904119890119905 + Δ119905 (4)





2(5)

119889119890119897119886119910 =(1198771 minus 1198791) + (1198792 minus 1198772)

2 (6)




2+ 120585 (7)



2(8)

119889119890119897119886119910 =(1198771 minus 1198791) + (1198792 minus 1198772) + Δ

2 (9)




119876 le 119879 lowast119872119886119909 119889119903119894119891119905 (10)

119889lowast = 119889119886V119892 + 3120590 (11)







2 119889119890119897119886119910 =

(1198771 minus 1198791) + (1198792 minus 1198772)

2



ADV ADVA

DV

ADVADV

Cluster-head

Child_4

Child_3

Child_6

Child_1

Child_2

Child_5

AD

V

Malicious Node

Forged ADV

Forged ADV








Time

Key Chain

Broadcast Packet

Ki- Ki Ki+ Ki+

Pi- Pi+ Pi+

F(Ki) F(Ki+) F(Ki+)

-1 +1 +2

Pi









119870119890119910119894 = 119867119886119904ℎ (119870119890119910119894 + 1) (119894 = 0 1 119899) (12)







0 1 2 3 4 100


0 1 2 3 4 100

Pj

Mj

H(Mj+)

MAC(Ki Dj)

Ki-

Pj+

Mj+

H(Mj+)

MAC(Ki+ Dj+)

Ki

Dj Dj+












Root A1 A2 A3 A4

A1A2

A3A4

200us200us

200us200us

1000us

Root A1 A2 A3 A4

1000us

Root

offse

toff

set

(a)

Root A1 A2 A3 A4

Root

A1A2

A3A4

600us

200us200us

200us1000us

Root A1 A2 A3

A4

offse

toff

set

1000us

1200us

Lose Sync

(b)


1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

Path_2Path_1 Path_3

Compromised node


Link Indicate




119875 119860 119883 119886119888119905119894119900119899 =1 + sum119868119895=1 120573

119905119888minus119905119895119896119895

2 + sum119868119895=1 120573119905119888minus119905119895119873119895

(13)





119908 + 1205792119879119903 where 1205791 1205792 isin [0 1] and



119879119908 = 119875 119860 119870 1199031198861199051198901

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119860

(14)

119879119903 = 119875 119860 119870 1199031198861199051198902

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870 119860119862119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

(15)
















Crystal

USB to UART Debug


TX

RX

AES

SPI BufSPIClock

UART JTAG







119864 = 119880 lowast 119868 lowast 119879 (16)


12

11

1

09

08

07

06

05

04

03

02

01

0

sync

hron

izat

ion

erro

r (m

s)

0 10 20 30 40 50 60 70 80 90 100

Time (s)







2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(a)

2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(b)







9 Conclusions







TPSN(Centralized

Synchronization)

MTS(Distributed

Synchronization)

TSCH(Centralized

Synchronization)

Vulnerabilities





Attack





120583TESLA


Offset Compensation







Data Availability




Acknowledgments



References



























RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia













119874119891119891119904119890119905 = 119860119903119903119894V119890119905119894119898119890 minus 119879119904119879119909119900119891119891119904119890119905 (1)

119862119906119903119903119890119899119905119875119890119903119894119900119889 = 119873119900119903119898119886119897119875119890119903119894119900119889 + 119874119891119891119904119890119905 (2)






119891119903119890119902119906119890119899119888119910 = (119860119878119873 + 119888ℎ119886119899119899119890119897119874119891119891119904119890119905)16 (3)


Tx Data

Transmitter

GT

RXON Rx Data


Idle Rx

Process Data

SFR

TsTxoffset

TsRxoffset

TsRxAckDelay

Prepareto Rx

Prepareto Rx

Receiver

AWT

EFR

４1

２1

(a)

Tx DataTransmitter

GT

RXON Rx Data


RXON Rx Ack

Tx Ack

SFR

TsTxoffset

TsRxoffset

TsRxAckDelay

Prepareto Rx

Prepareto Rx

TsTxAckDelay


４1 ４2

２1 ２2

(b)



Bit0-10 11-14 15 Octets2

Sub-ID

SEQNUM

DESTINATIONADDRESS


MAC HEADER

HeaderIEs

PayloadIEs

AUX SECHEADER

Length Type

MAC HEADER

FRAMECTRL

ASN

Octets 5 1

Join Priority

MFR




119900119891119891119904119890119905 = 119905119894119898119890119877119890119888119890119894V119890119889 minus 119879119904119879119909119900119891119891119904119890119905 + Δ119905 (4)





2(5)

119889119890119897119886119910 =(1198771 minus 1198791) + (1198792 minus 1198772)

2 (6)




2+ 120585 (7)



2(8)

119889119890119897119886119910 =(1198771 minus 1198791) + (1198792 minus 1198772) + Δ

2 (9)




119876 le 119879 lowast119872119886119909 119889119903119894119891119905 (10)

119889lowast = 119889119886V119892 + 3120590 (11)







2 119889119890119897119886119910 =

(1198771 minus 1198791) + (1198792 minus 1198772)

2



ADV ADVA

DV

ADVADV

Cluster-head

Child_4

Child_3

Child_6

Child_1

Child_2

Child_5

AD

V

Malicious Node

Forged ADV

Forged ADV








Time

Key Chain

Broadcast Packet

Ki- Ki Ki+ Ki+

Pi- Pi+ Pi+

F(Ki) F(Ki+) F(Ki+)

-1 +1 +2

Pi









119870119890119910119894 = 119867119886119904ℎ (119870119890119910119894 + 1) (119894 = 0 1 119899) (12)







0 1 2 3 4 100


0 1 2 3 4 100

Pj

Mj

H(Mj+)

MAC(Ki Dj)

Ki-

Pj+

Mj+

H(Mj+)

MAC(Ki+ Dj+)

Ki

Dj Dj+












Root A1 A2 A3 A4

A1A2

A3A4

200us200us

200us200us

1000us

Root A1 A2 A3 A4

1000us

Root

offse

toff

set

(a)

Root A1 A2 A3 A4

Root

A1A2

A3A4

600us

200us200us

200us1000us

Root A1 A2 A3

A4

offse

toff

set

1000us

1200us

Lose Sync

(b)


1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

Path_2Path_1 Path_3

Compromised node


Link Indicate




119875 119860 119883 119886119888119905119894119900119899 =1 + sum119868119895=1 120573

119905119888minus119905119895119896119895

2 + sum119868119895=1 120573119905119888minus119905119895119873119895

(13)





119908 + 1205792119879119903 where 1205791 1205792 isin [0 1] and



119879119908 = 119875 119860 119870 1199031198861199051198901

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119860

(14)

119879119903 = 119875 119860 119870 1199031198861199051198902

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870 119860119862119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

(15)
















Crystal

USB to UART Debug


TX

RX

AES

SPI BufSPIClock

UART JTAG







119864 = 119880 lowast 119868 lowast 119879 (16)


12

11

1

09

08

07

06

05

04

03

02

01

0

sync

hron

izat

ion

erro

r (m

s)

0 10 20 30 40 50 60 70 80 90 100

Time (s)







2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(a)

2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(b)







9 Conclusions







TPSN(Centralized

Synchronization)

MTS(Distributed

Synchronization)

TSCH(Centralized

Synchronization)

Vulnerabilities





Attack





120583TESLA


Offset Compensation







Data Availability




Acknowledgments



References



























RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



Tx Data

Transmitter

GT

RXON Rx Data


Idle Rx

Process Data

SFR

TsTxoffset

TsRxoffset

TsRxAckDelay

Prepareto Rx

Prepareto Rx

Receiver

AWT

EFR

４1

２1

(a)

Tx DataTransmitter

GT

RXON Rx Data


RXON Rx Ack

Tx Ack

SFR

TsTxoffset

TsRxoffset

TsRxAckDelay

Prepareto Rx

Prepareto Rx

TsTxAckDelay


４1 ４2

２1 ２2

(b)



Bit0-10 11-14 15 Octets2

Sub-ID

SEQNUM

DESTINATIONADDRESS


MAC HEADER

HeaderIEs

PayloadIEs

AUX SECHEADER

Length Type

MAC HEADER

FRAMECTRL

ASN

Octets 5 1

Join Priority

MFR




119900119891119891119904119890119905 = 119905119894119898119890119877119890119888119890119894V119890119889 minus 119879119904119879119909119900119891119891119904119890119905 + Δ119905 (4)





2(5)

119889119890119897119886119910 =(1198771 minus 1198791) + (1198792 minus 1198772)

2 (6)




2+ 120585 (7)



2(8)

119889119890119897119886119910 =(1198771 minus 1198791) + (1198792 minus 1198772) + Δ

2 (9)




119876 le 119879 lowast119872119886119909 119889119903119894119891119905 (10)

119889lowast = 119889119886V119892 + 3120590 (11)







2 119889119890119897119886119910 =

(1198771 minus 1198791) + (1198792 minus 1198772)

2



ADV ADVA

DV

ADVADV

Cluster-head

Child_4

Child_3

Child_6

Child_1

Child_2

Child_5

AD

V

Malicious Node

Forged ADV

Forged ADV








Time

Key Chain

Broadcast Packet

Ki- Ki Ki+ Ki+

Pi- Pi+ Pi+

F(Ki) F(Ki+) F(Ki+)

-1 +1 +2

Pi









119870119890119910119894 = 119867119886119904ℎ (119870119890119910119894 + 1) (119894 = 0 1 119899) (12)







0 1 2 3 4 100


0 1 2 3 4 100

Pj

Mj

H(Mj+)

MAC(Ki Dj)

Ki-

Pj+

Mj+

H(Mj+)

MAC(Ki+ Dj+)

Ki

Dj Dj+












Root A1 A2 A3 A4

A1A2

A3A4

200us200us

200us200us

1000us

Root A1 A2 A3 A4

1000us

Root

offse

toff

set

(a)

Root A1 A2 A3 A4

Root

A1A2

A3A4

600us

200us200us

200us1000us

Root A1 A2 A3

A4

offse

toff

set

1000us

1200us

Lose Sync

(b)


1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

Path_2Path_1 Path_3

Compromised node


Link Indicate




119875 119860 119883 119886119888119905119894119900119899 =1 + sum119868119895=1 120573

119905119888minus119905119895119896119895

2 + sum119868119895=1 120573119905119888minus119905119895119873119895

(13)





119908 + 1205792119879119903 where 1205791 1205792 isin [0 1] and



119879119908 = 119875 119860 119870 1199031198861199051198901

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119860

(14)

119879119903 = 119875 119860 119870 1199031198861199051198902

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870 119860119862119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

(15)
















Crystal

USB to UART Debug


TX

RX

AES

SPI BufSPIClock

UART JTAG







119864 = 119880 lowast 119868 lowast 119879 (16)


12

11

1

09

08

07

06

05

04

03

02

01

0

sync

hron

izat

ion

erro

r (m

s)

0 10 20 30 40 50 60 70 80 90 100

Time (s)







2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(a)

2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(b)







9 Conclusions







TPSN(Centralized

Synchronization)

MTS(Distributed

Synchronization)

TSCH(Centralized

Synchronization)

Vulnerabilities





Attack





120583TESLA


Offset Compensation







Data Availability




Acknowledgments



References



























RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




119900119891119891119904119890119905 = 119905119894119898119890119877119890119888119890119894V119890119889 minus 119879119904119879119909119900119891119891119904119890119905 + Δ119905 (4)





2(5)

119889119890119897119886119910 =(1198771 minus 1198791) + (1198792 minus 1198772)

2 (6)




2+ 120585 (7)



2(8)

119889119890119897119886119910 =(1198771 minus 1198791) + (1198792 minus 1198772) + Δ

2 (9)




119876 le 119879 lowast119872119886119909 119889119903119894119891119905 (10)

119889lowast = 119889119886V119892 + 3120590 (11)







2 119889119890119897119886119910 =

(1198771 minus 1198791) + (1198792 minus 1198772)

2



ADV ADVA

DV

ADVADV

Cluster-head

Child_4

Child_3

Child_6

Child_1

Child_2

Child_5

AD

V

Malicious Node

Forged ADV

Forged ADV








Time

Key Chain

Broadcast Packet

Ki- Ki Ki+ Ki+

Pi- Pi+ Pi+

F(Ki) F(Ki+) F(Ki+)

-1 +1 +2

Pi









119870119890119910119894 = 119867119886119904ℎ (119870119890119910119894 + 1) (119894 = 0 1 119899) (12)







0 1 2 3 4 100


0 1 2 3 4 100

Pj

Mj

H(Mj+)

MAC(Ki Dj)

Ki-

Pj+

Mj+

H(Mj+)

MAC(Ki+ Dj+)

Ki

Dj Dj+












Root A1 A2 A3 A4

A1A2

A3A4

200us200us

200us200us

1000us

Root A1 A2 A3 A4

1000us

Root

offse

toff

set

(a)

Root A1 A2 A3 A4

Root

A1A2

A3A4

600us

200us200us

200us1000us

Root A1 A2 A3

A4

offse

toff

set

1000us

1200us

Lose Sync

(b)


1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

Path_2Path_1 Path_3

Compromised node


Link Indicate




119875 119860 119883 119886119888119905119894119900119899 =1 + sum119868119895=1 120573

119905119888minus119905119895119896119895

2 + sum119868119895=1 120573119905119888minus119905119895119873119895

(13)





119908 + 1205792119879119903 where 1205791 1205792 isin [0 1] and



119879119908 = 119875 119860 119870 1199031198861199051198901

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119860

(14)

119879119903 = 119875 119860 119870 1199031198861199051198902

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870 119860119862119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

(15)
















Crystal

USB to UART Debug


TX

RX

AES

SPI BufSPIClock

UART JTAG







119864 = 119880 lowast 119868 lowast 119879 (16)


12

11

1

09

08

07

06

05

04

03

02

01

0

sync

hron

izat

ion

erro

r (m

s)

0 10 20 30 40 50 60 70 80 90 100

Time (s)







2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(a)

2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(b)







9 Conclusions







TPSN(Centralized

Synchronization)

MTS(Distributed

Synchronization)

TSCH(Centralized

Synchronization)

Vulnerabilities





Attack





120583TESLA


Offset Compensation







Data Availability




Acknowledgments



References



























RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia






2 119889119890119897119886119910 =

(1198771 minus 1198791) + (1198792 minus 1198772)

2



ADV ADVA

DV

ADVADV

Cluster-head

Child_4

Child_3

Child_6

Child_1

Child_2

Child_5

AD

V

Malicious Node

Forged ADV

Forged ADV








Time

Key Chain

Broadcast Packet

Ki- Ki Ki+ Ki+

Pi- Pi+ Pi+

F(Ki) F(Ki+) F(Ki+)

-1 +1 +2

Pi









119870119890119910119894 = 119867119886119904ℎ (119870119890119910119894 + 1) (119894 = 0 1 119899) (12)







0 1 2 3 4 100


0 1 2 3 4 100

Pj

Mj

H(Mj+)

MAC(Ki Dj)

Ki-

Pj+

Mj+

H(Mj+)

MAC(Ki+ Dj+)

Ki

Dj Dj+












Root A1 A2 A3 A4

A1A2

A3A4

200us200us

200us200us

1000us

Root A1 A2 A3 A4

1000us

Root

offse

toff

set

(a)

Root A1 A2 A3 A4

Root

A1A2

A3A4

600us

200us200us

200us1000us

Root A1 A2 A3

A4

offse

toff

set

1000us

1200us

Lose Sync

(b)


1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

Path_2Path_1 Path_3

Compromised node


Link Indicate




119875 119860 119883 119886119888119905119894119900119899 =1 + sum119868119895=1 120573

119905119888minus119905119895119896119895

2 + sum119868119895=1 120573119905119888minus119905119895119873119895

(13)





119908 + 1205792119879119903 where 1205791 1205792 isin [0 1] and



119879119908 = 119875 119860 119870 1199031198861199051198901

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119860

(14)

119879119903 = 119875 119860 119870 1199031198861199051198902

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870 119860119862119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

(15)
















Crystal

USB to UART Debug


TX

RX

AES

SPI BufSPIClock

UART JTAG







119864 = 119880 lowast 119868 lowast 119879 (16)


12

11

1

09

08

07

06

05

04

03

02

01

0

sync

hron

izat

ion

erro

r (m

s)

0 10 20 30 40 50 60 70 80 90 100

Time (s)







2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(a)

2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(b)







9 Conclusions







TPSN(Centralized

Synchronization)

MTS(Distributed

Synchronization)

TSCH(Centralized

Synchronization)

Vulnerabilities





Attack





120583TESLA


Offset Compensation







Data Availability




Acknowledgments



References



























RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



Time

Key Chain

Broadcast Packet

Ki- Ki Ki+ Ki+

Pi- Pi+ Pi+

F(Ki) F(Ki+) F(Ki+)

-1 +1 +2

Pi









119870119890119910119894 = 119867119886119904ℎ (119870119890119910119894 + 1) (119894 = 0 1 119899) (12)







0 1 2 3 4 100


0 1 2 3 4 100

Pj

Mj

H(Mj+)

MAC(Ki Dj)

Ki-

Pj+

Mj+

H(Mj+)

MAC(Ki+ Dj+)

Ki

Dj Dj+












Root A1 A2 A3 A4

A1A2

A3A4

200us200us

200us200us

1000us

Root A1 A2 A3 A4

1000us

Root

offse

toff

set

(a)

Root A1 A2 A3 A4

Root

A1A2

A3A4

600us

200us200us

200us1000us

Root A1 A2 A3

A4

offse

toff

set

1000us

1200us

Lose Sync

(b)


1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

Path_2Path_1 Path_3

Compromised node


Link Indicate




119875 119860 119883 119886119888119905119894119900119899 =1 + sum119868119895=1 120573

119905119888minus119905119895119896119895

2 + sum119868119895=1 120573119905119888minus119905119895119873119895

(13)





119908 + 1205792119879119903 where 1205791 1205792 isin [0 1] and



119879119908 = 119875 119860 119870 1199031198861199051198901

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119860

(14)

119879119903 = 119875 119860 119870 1199031198861199051198902

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870 119860119862119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

(15)
















Crystal

USB to UART Debug


TX

RX

AES

SPI BufSPIClock

UART JTAG







119864 = 119880 lowast 119868 lowast 119879 (16)


12

11

1

09

08

07

06

05

04

03

02

01

0

sync

hron

izat

ion

erro

r (m

s)

0 10 20 30 40 50 60 70 80 90 100

Time (s)







2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(a)

2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(b)







9 Conclusions







TPSN(Centralized

Synchronization)

MTS(Distributed

Synchronization)

TSCH(Centralized

Synchronization)

Vulnerabilities





Attack





120583TESLA


Offset Compensation







Data Availability




Acknowledgments



References



























RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



0 1 2 3 4 100


0 1 2 3 4 100

Pj

Mj

H(Mj+)

MAC(Ki Dj)

Ki-

Pj+

Mj+

H(Mj+)

MAC(Ki+ Dj+)

Ki

Dj Dj+












Root A1 A2 A3 A4

A1A2

A3A4

200us200us

200us200us

1000us

Root A1 A2 A3 A4

1000us

Root

offse

toff

set

(a)

Root A1 A2 A3 A4

Root

A1A2

A3A4

600us

200us200us

200us1000us

Root A1 A2 A3

A4

offse

toff

set

1000us

1200us

Lose Sync

(b)


1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

Path_2Path_1 Path_3

Compromised node


Link Indicate




119875 119860 119883 119886119888119905119894119900119899 =1 + sum119868119895=1 120573

119905119888minus119905119895119896119895

2 + sum119868119895=1 120573119905119888minus119905119895119873119895

(13)





119908 + 1205792119879119903 where 1205791 1205792 isin [0 1] and



119879119908 = 119875 119860 119870 1199031198861199051198901

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119860

(14)

119879119903 = 119875 119860 119870 1199031198861199051198902

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870 119860119862119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

(15)
















Crystal

USB to UART Debug


TX

RX

AES

SPI BufSPIClock

UART JTAG







119864 = 119880 lowast 119868 lowast 119879 (16)


12

11

1

09

08

07

06

05

04

03

02

01

0

sync

hron

izat

ion

erro

r (m

s)

0 10 20 30 40 50 60 70 80 90 100

Time (s)







2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(a)

2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(b)







9 Conclusions







TPSN(Centralized

Synchronization)

MTS(Distributed

Synchronization)

TSCH(Centralized

Synchronization)

Vulnerabilities





Attack





120583TESLA


Offset Compensation







Data Availability




Acknowledgments



References



























RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



Root A1 A2 A3 A4

A1A2

A3A4

200us200us

200us200us

1000us

Root A1 A2 A3 A4

1000us

Root

offse

toff

set

(a)

Root A1 A2 A3 A4

Root

A1A2

A3A4

600us

200us200us

200us1000us

Root A1 A2 A3

A4

offse

toff

set

1000us

1200us

Lose Sync

(b)


1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

1

7

5 9

4

2

6

108

3

Path_2Path_1 Path_3

Compromised node


Link Indicate




119875 119860 119883 119886119888119905119894119900119899 =1 + sum119868119895=1 120573

119905119888minus119905119895119896119895

2 + sum119868119895=1 120573119905119888minus119905119895119873119895

(13)





119908 + 1205792119879119903 where 1205791 1205792 isin [0 1] and



119879119908 = 119875 119860 119870 1199031198861199051198901

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119860

(14)

119879119903 = 119875 119860 119870 1199031198861199051198902

=1 + sum119868119895=1 120573

119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870 119860119862119870

2 + sum119868119895=1 120573119866119860(119905119888)minus119866119860(119905119895)119899119906119898119879119909 119870

(15)
















Crystal

USB to UART Debug


TX

RX

AES

SPI BufSPIClock

UART JTAG







119864 = 119880 lowast 119868 lowast 119879 (16)


12

11

1

09

08

07

06

05

04

03

02

01

0

sync

hron

izat

ion

erro

r (m

s)

0 10 20 30 40 50 60 70 80 90 100

Time (s)







2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(a)

2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(b)







9 Conclusions







TPSN(Centralized

Synchronization)

MTS(Distributed

Synchronization)

TSCH(Centralized

Synchronization)

Vulnerabilities





Attack





120583TESLA


Offset Compensation







Data Availability




Acknowledgments



References



























RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia

















Crystal

USB to UART Debug


TX

RX

AES

SPI BufSPIClock

UART JTAG







119864 = 119880 lowast 119868 lowast 119879 (16)


12

11

1

09

08

07

06

05

04

03

02

01

0

sync

hron

izat

ion

erro

r (m

s)

0 10 20 30 40 50 60 70 80 90 100

Time (s)







2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(a)

2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(b)







9 Conclusions







TPSN(Centralized

Synchronization)

MTS(Distributed

Synchronization)

TSCH(Centralized

Synchronization)

Vulnerabilities





Attack





120583TESLA


Offset Compensation







Data Availability




Acknowledgments



References



























RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



Crystal

USB to UART Debug


TX

RX

AES

SPI BufSPIClock

UART JTAG







119864 = 119880 lowast 119868 lowast 119879 (16)


12

11

1

09

08

07

06

05

04

03

02

01

0

sync

hron

izat

ion

erro

r (m

s)

0 10 20 30 40 50 60 70 80 90 100

Time (s)







2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(a)

2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(b)







9 Conclusions







TPSN(Centralized

Synchronization)

MTS(Distributed

Synchronization)

TSCH(Centralized

Synchronization)

Vulnerabilities





Attack





120583TESLA


Offset Compensation







Data Availability




Acknowledgments



References



























RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(a)

2181614121

080604020Sy

nchr

oniz

atio

n Er

ror (

ms)

0 50 100 150 200 250 300 350 400

Time (s)

1009080706050403020100 Sy

nchr

oniz

atio

n Ra

te (

)

OffsetRate

(b)







9 Conclusions







TPSN(Centralized

Synchronization)

MTS(Distributed

Synchronization)

TSCH(Centralized

Synchronization)

Vulnerabilities





Attack





120583TESLA


Offset Compensation







Data Availability




Acknowledgments



References



























RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia







TPSN(Centralized

Synchronization)

MTS(Distributed

Synchronization)

TSCH(Centralized

Synchronization)

Vulnerabilities





Attack





120583TESLA


Offset Compensation







Data Availability




Acknowledgments



References



























RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


















RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


Documents

Security Vulnerabilities and Countermeasures for Time