Contact at mumbai.academics@gmail.com or 8097636691
Responsive Ads Here

Friday, 2 February 2018

Grouping-Enhanced Resilient Probabilistic En-Route Filtering of Injected False Data in WSNs(2012)


Grouping-Enhanced Resilient Probabilistic En-Route Filtering of Injected False Data in WSNs(2012)

Abstract
In wireless sensor networks, the adversary may inject false reports to exhaust network energy or trigger false alarms with compromised sensor nodes. In response to the problems of existing schemes on the security resiliency, applicability and filtering effectiveness, this Project proposes a scheme, referred to as Grouping-enhanced Resilient Probabilistic En-route Filtering (GRPEF). In GRPEF, an efficient distributed algorithm is proposed to group nodes without incurring extra groups, and a multiaxis division based approach for deriving location-aware keys is used to overcome the threshold problem and remove the dependence on the sink immobility and routing protocols. Compared to the existing schemes, GRPEF significantly improves the effectiveness of the en-route filtering and can be applied to the sensor networks with mobile sinks while reserving the resiliency.
Introduction
In many monitoring applications, wireless sensor networks (WSNs) are usually deployed in a hostile environment, and an adversary can easily capture and compromise sensor nodes due to their low cost and unattended nature. Once a node is compromised, the adversary can easily launch false data injection attack by the compromised nodes for forging bogus event reports to the base station. This attack may not only trigger false alarms but also drain out the limited resources of the forwarding nodes in the routing paths. Thus, it is critical for WSNs to defend such attack from two aspects of protecting report authenticity and filtering bogus reports. These schemes adopt a general en-route filtering framework to protect data authenticity, detect and filter out false reports. There are two ways to share the authentication keys for the report endorsement, that are, routing-specific way and probabilistic way. In the routing-specific key sharing schemes such as IHA , DEFS , and LEDS , the authentication keys of sensor nodes are shared with the forwarding nodes in the routing path by pairwise key establishment or key dissemination . IHA and DEFS require periodic maintenance of node association or key dissemination along the routing paths to the sink, which incur great energy cost because of frequent routing changes in WSNs. In the probabilistic key sharing schemes such as SEF and LBRS , the sensor nodes are divided into n(n > T) groups according to the key distribution before deployment. The nodes in the same group share common authentication keys with a probability. A legitimate report is endorsed with T MACs each of which is generated by a detecting node from different group, which is referred to as T-group authentication. Since the probabilistic key sharing schemes do not need periodic node association and key dissemination, they are superior to the routing-specific key sharing schemes and are preferred by the resource-constrained WSNs.
Existing System
These schemes adopt a general en-route filtering framework to protect data authenticity, detect and filter out false reports. This framework assumes that an event can be detected by more than T sensors. To protect the report authenticity, a legitimate report is collaboratively endorsed with T (T > 1) distinct Message Authentication Codes (MACs) from the nodes detecting the event simultaneously. To filter the false reports, the nodes in the routing path share the authentication keys for the report endorsement. As a result, an invalid report that has less than T MACs or any incorrect MAC can be detected and dropped by the forwarding nodes or the sinks. There are two ways to share the authentication keys for the report endorsement, that are, routing-specific way and probabilistic way.
In the routing-specific key sharing schemes such as IHA, DEFS, and LEDS, the authentication keys of sensor nodes are shared with the forwarding nodes in the routing path by pairwise key establishment or key dissemination.
Since the probabilistic key sharing schemes do not need periodic node association and key dissemination, they are superior to the routing-specific key sharing schemes and are preferred by the resource-constrained WSNs. However, the existing probabilistic schemes have their shortages.
Proposed System
In the probabilistic key sharing schemes such as SEF and LBRS , the sensor nodes are divided into n(n > T) groups according to the key distribution before deployment. The nodes in the same group share common authentication keys with a probability. A legitimate report is endorsed with T MACs each of which is generated by a detecting node from different group, which is referred to as T-group authentication. The extra n _ T groups are introduced to enable T-group authentication to work for events in as large area as possible. A random key predistribution approach is adopted in SEF . A global key pool is evenly divided into n partitions. Each node randomly picks k keys from one partition and the nodes holding keys from the same partition form a group. In LBRS, each node is preloaded with one of n master secrets, and the nodes having the same master secret form a group. The authentication keys are derived based on the locations of cells in the terrain. All the nodes in the routing paths to the sink shares the authentication keys with a probability.
Comparing with SEF and LBRS, GRPEF has the following advantages.
1. In GRPEF, an efficient distributed algorithm is proposed to divide sensor nodes into exact T groups. It can guarantee that any location in the monitored area is covered simultaneously by T nodes from distinct groups with a high probability. The removal of the extra groups significantly improves the enrooting filtering effectiveness, as shown by our formal analysis. GRPEF achieves the same coverage percentage of T-group authentication as SEF and LBRS without requiring more than T groups.
2. To tackle the threshold limitation of SEF, a novel location-aware key derivation technique based on multiaxis division is proposed without assuming the sink immobility and specific routing models. As a result, GRPEF achieves the resiliency against node compromise while being applicable to the networks with mobile sinks and various routing protocols. Our theoretical analysis shows that GRPEF achieves much higher resiliency than SEF.
Module List
Ø Login
Ø Sensor node
Ø Mobile Sink
Ø Monitoring and Reporting Phase
Ø False Data Injection
Ø En-Route Filtering
Module Description
Login
In this module the user can get in to the system by enter the username and password. The user can register them self in the particular Sensor Node. Therefore we can easily identify a Mobile Sink, where it is resident.
Sensor Node
In this module, the sensor node requests the mobile sink and then mobile sink response to the sensor node. Mobile sink provides the Message Authentication Code (MAC) to the sensor node .Each sensor node use this MAC and then actual data is send to the sensor node-2.Sensor node-2 may inject the false data .Finally send to the mobile sink.
Mobile sink:
The mobile sink receives the data from the all nodes in network which may be false data or integrity data. After receiving data, it will identify the false inject data by enroute-filtering.
Monitoring and Reporting Phase:
When an event occurs in partition. All detecting nodes are organized into a cluster and collaboratively generate the event report E with the event location. The message authentication code of report E generated with a symmetric key. The detecting node in group computes MAC where k is the endorsement key bound with the partition. Then the detecting node sends a tuple to the cluster head CH. When CH collects MAC from distinct groups, it sends out the report with the endorsement to the sink.
False Data Injection
In this module focus on the false data injection attack, in which the compromised nodes inject forged event reports to trigger false alarms or to deplete the limited resources of nodes in the routing paths. Our problem is to design a scheme that can detect and filter false reports such that false reports is detected and dropped as early as possible, the threshold limitation of the solutions is overcome, graceful performance degradation is achieved when more and more nodes are compromised, and the scheme should be independent of routing protocols and applicable to the WSNs with mobile sinks.
En-route filtering
Ø  Every forwarding node verifies the MAC computed by its lower association node, and then removes that MAC from the received report.
Ø   If the verification succeeds, it then computes and attaches a new MAC based on its pairwise key shared with its upper associated node.
Ø  Finally, it forwards the report to the next node towards the BS.
System Specification
Software Requirements
Front End/GUI Tool                           : Microsoft Visual studio 2008
Operating System                               : Windows family
Language                                            : C#.NET
Technology                                         : ASP.NET 3.5
Hardware Specification
Processor                                            : Pentium dual core
RAM                                                  : 1 GB
Hard Disk Drive                                : 80 GB
Monitor                                              : 17” Color Monitor

No comments:

Post a Comment