You are on page 1of 3

International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6June 2013

ISSN: 2231-2803 Page 1527

Clone Attacks Detection In Wireless Sensor Networks

Mrs.P.Radhadevi*1, D Gopi Krishna*2
Assistant Professor, Dept of Computer Applications, SNIST, Ghatkesar, Hyderabad, AP, India
M.C.A Student, Dept of Computer Applications, SNIST, Ghatkesar, Hyderabad, AP, India


The general problem in wireless
sensor network security (WSN) is the node
Clone attack. This attack, is an adversary
breaks into a sensor node. Once attacker
captures sensor nodes, can compromise
them and launch various types of attacks
with those compromised nodes. Therefore,
node capture attacks should be detected as
soon as possible to reduce the harm incurred
by them. Some of the solutions were
introduced to meet the requirements of this
problem. However, these solutions are not
satisfactory. A serious drawback for any
protocol to be used in the WSN resource
constrained environment. To solve this,
analyze the desirable properties of a
distributed mechanism for the detection of
node replication attacks. Here is a new self-
healing, Randomized, Efficient, and
Distributed (RED) protocol for the detection
of node replication attacks, and we show
that it satisfies the requirements.

INDEX TERMS: wireless sensor networks,
node replication attacks, clone attacks.


Wireless communication is an application of
science and technology that has come to be
vital for modern existence. In advance,
Wireless sensor Network(WSN) is used in
Wireless communication for transferring the
information. A WSN is a collection of
sensors with limited resources that
collaborate to achieve a common goal. Due
to their nature, they are often unattended,
hence prone to different kinds of novel
attacks. For example, an adversary could
drop all network communications; further,
an adversary could capture nodes acquiring
all the information stored there in sensors
are commonly assumed to be not tamper-
proof. Therefore, an adversary may replicate
captured sensors and deploy them in the
network to launch a variety of malicious
activities. This attack is referred to as the
clone attack, since a clone has legitimate
information. It may participate in the
network operations in the same way as a non
compromised node. Hence, cloned nodes
can launch a variety of attacks.

Fig1: Components of sensor nodes
In this paper, we develop methods
for finding the appropriate number of
International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6June 2013

ISSN: 2231-2803 Page 1528

witness nodes, such that the performance of
the WSN is optimal. We consider the
aspects of network performance, in
particular the communication and the
storage overhead involved in transmission
and validation of location claims, as well as
the impact of undetected captured nodes on
WSN operation.

Bugs in the software running on the
sensor nodes or on the base stations give rise
to attacks which can be easily automated
and can be mounted on a very large number
of nodes in a very short amount of time.
Possible countermeasures include a
heterogeneous network design and standard
methods from software engineering.
attacks on embedded systems, that is, on
microcontrollers and smart cards, have been
intensively studied before. Skorobogatov
classifies them in the three categories of
invasive, semi-invasive, and non-invasive
attacks. Invasive attacks are those which
require access to a chips internals, and they
typically need expensive equipment used in
semiconductor manufacturing and testing, as
well as a preparation of the chip before the
attack can begin. Semi-invasive attacks
require much cheaper equipment and less
time than the invasive attacks, while non-
invasive attacks are the easiest. All of these
attacks, including the so-called low-cost
attacks, if applied to sensor nodes, would
require that they be removed from the
deployment area and taken to a laboratory.
Most of the invasive and many of the semi-
invasive attacks also require disassembly or
physical destruction of the sensor nodes.
The existing literature on physical attacks
usually assumes that an attacker can gain
unsupervised access to the system to be
attacked for an extended period of time.
Attacks which may take days or even weeks
to complete present a real threat to the
security of these systems. Continuous
absence of a node can be considered an
unusual condition that can be noticed by its
neighbors. This makes time a very important
factor in evaluating attacks against sensor
nodes, as the system might be able to detect
such attacks while they are in progress and
respond to them in real-time. One of our
aims has been to determine the exact amount
of time needed to carry out various attacks.
Based on these figures, the frequency with
which neighbors should be checked can be
adapted to the desired level of security and
the anticipated threat model.


We first assume a static sensor network in
which the locations of sensor nodes do not
change after deployment. We also assume
that every sensor node works in
promiscuous mode and is able to identify the
sources of all messages originating from its
neighbors. We believe that this assumption
does not incur substantial overhead because
each node inspects only the source IDs of
the messages from its neighbors rather than
the entire contents of the messages. We
assume that an attacker can physically
capture sensor nodes to compromise them.
However, we place limits on the number of
sensor nodes that he can physically capture
in each target region. This is reasonable
from the perspective that an increase in the
number of the captured sensor nodes will
lead to a rise in the likelihood that attacker is
International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6June 2013

ISSN: 2231-2803 Page 1529

detected by intruder detection mechanisms.
Therefore, a rationale attacker will want to
physically capture the limited number of
sensor nodes in each target region while not
being detected by intruder detection
mechanisms. Moreover, we assume that it
takes a certain amount of time from
capturing nodes o redeploying them in the
network. This is reasonable in the sense that
an attacker needs some time to compromise
captured sensor nodes.

In this paper, a few basic
requirements an ideal protocol for
distributed detection of node replicas are
presented and justified. Moreover, the
overhead of such a protocol should be not
only small, but also evenly distributed
among the nodes, both in computation and
memory. The proposal of this paper is about
the Enhanced RED (Randomized, Efficient
and Distributed) protocol to detect node
replication attacks. The Enhanced RED
protocol is more efficient and less overhead
when compared to Randomized Multicast,
Line Selected Multicast and RED protocol.
This protocal outperforms RED in terms of
efficiency and effectiveness. Finally, this
Enhanced RED protocol is more robust in
the process of attack detection than the rest
of the protocol. It covers all requirements in
clone nodes detection. Clone nodes are
detected using ID and location. They are
detected with less amount of overhead, less
amount of memory.


[1] R. Brooks, P. Govindaraju, M. Pirretti, N.Vijaykrishnan, and
M.T. Kandemir, On the
Detection of Clones in Sensor Networks Using Random Key
Predistribution, IEEE Trans.Systems, Man and Cybernetics, Part
C: Applications and Rev., vol. 37, no. 6, pp. 1246-1258, Nov.

[2] M. Conti, R. Di Pietro, and L.V. Mancini, ECCE: Enhanced
Cooperative Channel Establishment for Secure Pair-Wise
Communication in Wireless Sensor Networks, Ad Hoc Networks,
vol. 5, no. 1, pp. 49-62, 2007.

[3] M. Conti, R. Di Pietro, L.V. Mancini, and A. Mei, Mobility
and Cooperation to Thwart Node
CaptureAttacks in Manets, J . Wireless Comm. and Networking.
Feb. 2009.

[4] H. Chan and A. Perrig, Security and privacy in sensor
networks, Computer, vol. 36, no. 10, pp. 103105, 2003.

[5] X. Wu, G. Chen, and S. K. Das, Onthe energy holeproblem
of non uniformnodedistribution in wireless sensor networks, in
the Proc. of IEEE International Conferenceon MobileAdhoc and
Sensor Systems, 2006, pp. 180187.

[6] A. Chan, X. Liu, G. Noubir, and B. Thapa, Broadcast control
channel jamming: Resilience and identification of traitors, in the
Proc. of IEEE International Symposiumon Information Theory,
2007, pp. 24962500.

[7] B. Parno, A. Perrig, and V. D. Gligor, Distributed detection of
nodereplicationattacks in sensor networks, in the Proc. Of IEEE
Symposiumon Security and Privacy, 2005, pp. 4963.

[8] R. Poovendran and L. Lazos, A graph theoretic framework for
preventing the wormhole attack in wireless ad hoc networks,
Wireless Networks, vol. 13, no. 1, pp. 2759, 2007.

[9] Y. Liu, P. Ning, and M. K. Reiter, False datainjection attacks
against state estimation in electric power grids, in the Proc. Of the
16th ACM conference on Computer and Communications
Security, 2009, pp. 2132.

[10] M. Conti, R. Di Pietro, L. V. Mancini, and A. Mei, A
randomized, efficient, and distributed protocol for the detection of
nodereplicationattacks in wireless sensor networks, in theProc.
of the 8th ACM International symposiumon Mobile
ad hoc networking and computing, 2007, pp. 8089.