
International Journal of Advanced Computer Science, Vol. 3, No. 2, Pp. 99-103, Feb., 2013.

Detectability of Man-in-the-Middle Attacker in Mobile Sensor Networks


Mohammad Abdus Salam
Manuscript
Received: 15, Nov., 2012 Revised: 7, Dec., 2012 Accepted: 15, Jan., 2013 Published: 15, Jan., 2013

Keywords
Distributed sensor networks, wireless sensor networks, time synchronization, security, man in the middle attack

Abstract
Wireless sensor networks (WSNs) are resource-constrained self-organizing networks that are often deployed in hostile and inaccessible environments in order to collect data. The reliability of a WSN is affected by faults that may occur due to various reasons such as malfunctioning hardware, software glitches, dislocation, or environmental hazards. An appropriate fault tolerance mechanism will mitigate network failure and increase the aggregate network reliability. In an adversarial situation, attackers may wish to set up a link that does not have the properties of the network in which it is embedded. Moreover, the attackers may wish to tamper with the characteristics of a link between two legitimate nodes. This attack is called the man-in-the-middle attack. This paper discusses the characteristics of man-in-the-middle attacks and provides certain limitations on secure clock synchronization for wireless sensor networks. We state the various scenarios of the man-in-the-middle attacker in terms of time synchronization and location of the attacker. The detectability of man-in-the-middle attackers depends upon the half-duplex or full-duplex radio capacity of the attackers. We develop man-in-the-middle attack scenarios and discuss the possibility of detection in each.

1. Introduction
Wireless sensor networks (WSNs) promise researchers a powerful instrument for observing various phenomena and have been deployed in many application domains such as habitat monitoring [1] and scientific exploration [2]. However, WSN nodes are prone to failure due to energy depletion, hardware failure, communication link errors, malicious attack, and so on. Consequently, the performance (accuracy and precision) of WSNs is sensitive to the performance (accuracy and precision) of their individually participating nodes. Fault tolerance is the ability of a system to deliver a desired level of functionality in the presence of faults [3]. Since sensor nodes are prone to failure, distributed fault tolerance mechanisms [4] should be seriously considered as a means to reduce network sensitivity to individual node failures.

WSN faults are generally classified as either functional or data faults [5]. Functional faults result from packet loss, routing failure, or crash of the individual nodes and are characterized as non-delivery of data within the network. Data faults occur when a node's behavior results in delivery of inaccurate data. We note that man-in-the-middle attacks can exhibit either kind of failure.

Time synchronization plays a critical role in the performance of WSNs. Some sensor networks use a sleep schedule to reduce the energy consumption of a sensor node. If the appropriate synchronization is lost or tampered with in such a system, nodes may waste power by waking up and transmitting while other nodes are sleeping [5]. Another example is the use of time signals to provide temporal data correlation. WSNs will often correlate data samples through timing, and if that timing is not in sync, it can corrupt the data reported by the network. Therefore, secure clock synchronization is a must for reliability and overall system performance for many wireless sensor networks.

WSNs may also face various types of attacks which are application dependent [7]. Attacks can be either invasive or non-invasive. Invasive attacks include denial of service, attacks on information in transit, node replication attacks, and routing attacks. Non-invasive attacks consist of side channel attacks such as power, timing or frequency based attacks [7]. In this research paper, our focus is the man-in-the-middle attack in terms of time synchronization and various geographical locations of the attacker, irrespective of the attack invasiveness.

This work was supported by the Thurgood Marshall College Foundation and the Office of Naval Research. Department of Computer Science, Southern University and A&M College, Baton Rouge, Louisiana 70813, USA (md-salam@subr.edu).

2. System Model
Basic Model: Our system model consists of a network of wireless sensor nodes which, by participating in it, collectively comprise a wireless sensor network. The sensor nodes are capable of performing three fundamental functions: sensing the natural environment; processing the sensed data; and communicating with neighboring nodes through the use of radio transmissions. A node pair is neighboring in the network if and only if a bidirectional radio link can be established between them.

Mobility: We do not require the sensors to be immobile; however, we do assume that any movement of sensors will occur at a speed that appears stationary for the duration of individual radio transmissions. Therefore, although they are mobile, they will be considered stationary for each individual instance of communication among pairs of nodes.

Identity: We assume certain cryptographic primitives, including a unique identity for each node assigned a priori by the authority who maintains the network and private key pairs among each pair of nodes [8]. These strong cryptographic key assignments can be used to authenticate packets and to provide confidentiality in the network.

Timing: We do not assume that our sensor nodes are equipped with chip-scale atomic clocks (CSACs) [9]. CSACs deliver the accuracy and stability of an atomic clock to portable applications while consuming relatively little space and power. CSACs also provide time accuracy two orders of magnitude better than the quartz-based solution. These tiny clocks are accurate to within less than about half a microsecond per day and can effectively remediate the challenges presented by distributed time synchronization.

3. Attacker Model
We consider a pervasive and computationally bounded man-in-the-middle adversary who can overwhelm a node's radio hardware by transmitting or receiving beyond the node's radio capabilities. We assume that the adversary can control any communication channel he creates and is able to eavesdrop, insert, and block arbitrary messages within it. Fig. 1 shows the attacker node along with two other legitimate nodes and a falsely perceived link (dotted line) between the two legitimate nodes A and B.

Fig. 1: The attacker (M) relays messages between two legitimate nodes (A and B), creating the illusion that A and B are connected.

The attacker (M) receives messages from both A and B and creates a fake communication link between A and B. Both A and B assume that they are communicating directly without any intermediate node. This type of attack, made by M, is called the man-in-the-middle attack.

4. Discussion
In this section, we discuss how the detectability of a man-in-the-middle attack as mentioned in [6] can vary. First, we describe detectability in terms of the node's radio capacity. Then, we consider the geographical location of the man-in-the-middle attacker. We demonstrate how detectability depends on the turnaround time, location, and radio capacity of the legitimate nodes and the attacker.

A. Radio Capability
The communication or radio capability of a sensor node is either half-duplex or full-duplex on a given channel. A half-duplex node can transmit or receive but cannot do both simultaneously. A full-duplex node is one which can simultaneously transmit and receive. A double full-duplex node has full-duplex capabilities on two independent channels. Here, we summarize the different scenarios of [6] based on the radio model of the attacker and the legitimate nodes. Table 1 shows the detectability of the man-in-the-middle attacker based on the various channel types.

TABLE 1: Detectability of the man-in-the-middle attacker

| Attacker node | Legitimate nodes | Detectability |
|---|---|---|
| Half-Duplex | Half-Duplex or Full-Duplex | Yes (Always) |
| Full-Duplex | Half-Duplex | Depends on attacker's location |
| Full-Duplex | Full-Duplex | Depends on turnaround time |
| Double Full-Duplex | Half-Duplex or Full-Duplex | Impossible |

Since a half-duplex attacker cannot transmit and receive simultaneously, it will introduce more delay than the direct communication between two legitimate nodes. Therefore, it is always detectable. On the other hand, a double full-duplex attacker can inject a constant delay and thus cannot be detected with timing information alone [6]. If the attacker is equipped with better radio capacity than the legitimate nodes, detectability depends on the turn-around time of the attacker and therefore is a function of the distance between each of the nodes and the attacker.

International Journal Publishers Group (IJPG)

Mohammad Abdus Salam: Detectability of Man-in-the-Middle Attacker in Mobile Sensor Networks.


B. Attacker's Location
As stated in [6], there is a proportionality between the turn-around time of a full-duplex attacker and the minimum distance required to detect the temporal distortion caused by that attacker. If the distance between the attacker and each node is greater than half the product of each respective node's turnaround time and the speed of light, a WSN node can detect the attacker through careful timing analysis of the messages exchanged between the nodes. The minimum distances between nodes A, B and attacker M are expressed symmetrically:

$$MA = \tfrac{1}{2}\, c \cdot (\text{turnaround time of } A), \qquad MB = \tfrac{1}{2}\, c \cdot (\text{turnaround time of } B)$$

Here, MA is the distance between node A and attacker M. Similarly, MB is the distance between node B and attacker M, c is the speed of light, and the last factor in each expression is the turnaround time of node A and of node B, respectively. If an attacker is positioned anywhere outside of ranges MA and MB, then we can detect M. On the other hand, if the attacker M is standing within range of both MA and MB, then detection becomes impossible. This distance relationship is illustrated in Fig. 2.

Fig. 2: Location of attacker M with respect to other legitimate nodes A and B.

Alternatively, variations of the man-in-the-middle attack can be framed in terms of the location. For illustrative purposes we assume that legitimate nodes A, B, and attacker M are using omnidirectional antennas and their transmission ranges are rA, rB, and rM, respectively. If the distance between node A and node B is greater than the minimum of rA and rB, then a link cannot be established because bi-directional communication is not possible. If the distance between node A and node B is less than r (assuming rA = rB), then the nodes can communicate with each other and a link can be established. Fig. 3 illustrates the communication range of each node. Next, we discuss some cases where detectability is possible and other cases where detectability is not possible.

Fig. 3: Nodes' transmission range

Case I: A and B are within direct communication range
If the distance between A and B is less than r, then the two legitimate sensor nodes A and B are within direct communication range and a link can be established. In this case, it is very easy to detect the attacker M because at least 1 out of n packets received by B will come directly from A [6]. Fig. 4 (Case I) illustrates this case, where A and B are less than r distance apart and the attacker M does not have complete control of the channel. A and B can communicate directly, and any packet delayed by the attacker may be detected easily and discarded.

Fig. 4: (Case I) Distance between attacker and node is less than r

Case II: A and B are 2rM distance away from each other
The distance between A and B is between r and 2rM. In this case, direct communication between A and B is impossible and a man-in-the-middle attack may be effective, persistent and executed by a single well-positioned attacker. Detection is difficult near r but becomes easier as the distance approaches 2rM, through the timing mechanisms described in [6]. When A and B are positioned exactly 2rM apart, the attacker is at his maximum effective range. Fig. 5 (Case II) confirms this case.
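The rules of Section 4, sketched as an added Python example (not code from the paper): Table 1's outcome for each attacker radio model, the distance bound of half the speed of light times a node's turnaround time, and the A-B separation cases, including the paper's Case III for separations beyond 2rM. The function names, the coordinates and the "unspecified" result for an attacker inside one bound but outside the other are assumptions of this example.

```python
from math import dist

C = 299_792_458.0  # speed of light in m/s


def min_detect_distance(turnaround_s):
    """Half the product of a node's turnaround time and the speed of light."""
    return 0.5 * C * turnaround_s


def timing_detectability(attacker_radio, a, b, m, turnaround_a, turnaround_b):
    """Classify relay M as 'detectable', 'undetectable' or 'unspecified'."""
    if attacker_radio == "half-duplex":
        return "detectable"       # Table 1: always detectable
    if attacker_radio == "double-full-duplex":
        return "undetectable"     # Table 1: impossible with timing alone
    if attacker_radio != "full-duplex":
        raise ValueError(f"unknown radio model: {attacker_radio!r}")
    outside_a = dist(a, m) > min_detect_distance(turnaround_a)
    outside_b = dist(b, m) > min_detect_distance(turnaround_b)
    if outside_a and outside_b:
        return "detectable"
    if not outside_a and not outside_b:
        return "undetectable"
    # The paper states only the both-outside and both-inside outcomes.
    return "unspecified"


def separation_case(a, b, r, r_m):
    """Map the A-B distance to the paper's Case I, II or III (assumes rA = rB = r)."""
    d = dist(a, b)
    if d < r:
        return "I"      # direct link exists; some packets bypass the relay
    if d <= 2 * r_m:
        return "II"     # a single well-positioned relay can bridge A and B
    return "III"        # bridging needs more than one relay


if __name__ == "__main__":
    # Constructed scenario: coordinates and ranges in metres, times in seconds.
    A, B, M = (0.0, 0.0), (150.0, 0.0), (75.0, 0.0)
    print("case", separation_case(A, B, r=100.0, r_m=100.0))
    for t in (1e-7, 1e-6):
        print(f"turnaround {t:.0e} s -> bound {min_detect_distance(t):.1f} m:",
              timing_detectability("full-duplex", A, B, M, t, t))
```

In the constructed scenario the relay sits 75 m from each node: a 100 ns turnaround gives a bound of about 15 m, so the relay is detectable, while a 1 µs turnaround gives about 150 m and the same relay falls inside both bounds.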

Fig. 5: (Case II) Distance between nodes A and B is 2rM

Case III: A and B are more than 2rM distance away from each other
The distance between A and B is greater than 2rM. Man-in-the-middle attacks are executable only by multiple attackers and are easy to detect for fixed turn-around times. Fig. 6 (Case III) illustrates this case. In this scenario, A and B cannot communicate directly and the attackers have complete control over the channel. As the distance between A and B grows, multiple attackers may participate in establishing a link between A and B.

Fig. 6: (Case III) Distance between nodes A and B is greater than 2rM

In the case of multiple man-in-the-middle attackers, such as M1 and M2 shown in Fig. 7, they will incur more delay in the network compared to a single attacker. Moreover, if we consider the combined effect of multiple attackers as a single effect, we get the dotted red rectangle. We can use the turnaround time and location of the attacker to detect the attacker M whether it is closer to or further from any node.

Fig. 7: Multiple man-in-the-middle attackers cooperating to create the illusion of one link between A and B

We can summarize the above cases by Fig. 8 in terms of their distances and detectability. When the legitimate nodes are within their direct communication link, it is easy to detect the attacker. When the legitimate nodes move beyond the direct communication range, the attacker can take advantage of their distance, and it will be hard to detect the attacker through timing analysis only. Beyond the distance 2rM, if multiple man-in-the-middle attackers participate to establish a link between two legitimate nodes, it will be easy to detect the presence of attackers because of the longer turnaround time imposed by the attackers.

Fig. 8: Detectability with distances among the nodes

5. Conclusions
In this paper, we presented a timing and location-based analysis of man-in-the-middle attack scenarios. When an attacker uses the same technology as the legitimate nodes, the attack will always be detectable. If, however, the attacker is using more sophisticated equipment such as a double full-duplex radio channel, then it is impossible to detect the attacker. Moreover, full-duplex attackers may or may not be detectable depending on the location of the attacker and the turnaround times of the nodes. Further research may include the utilization of chip-scale atomic clocks in various sensor nodes. Moreover, the utilization of geographical positioning systems to detect the location of sensor nodes is also an important area to explore further.

Acknowledgment
The author would like to recognize and thank Kevin B. Bush for his conceptual and editorial contributions to this work.

References

[1] M. Salam, O. Soysal, and H. Schneider, "Integration of wireless sensor networks in geographical information systems: a survey," the 2010 international conference on modeling, simulations & visualization methods, July 12-15, 2010, Las Vegas, Nevada, USA.
[2] G. Tolle, J. Polastre, R. Szewczyk, N. Turner, K. Tu, S. Burgess, D. Gay, P. Buonadonna, W. Hong, T. Dawson, and D. Culler, "A microscope in redwoods," in SenSys '05, November 2005.
[3] Y. Chen, S. Son, "A fault tolerant topology control in wireless sensor networks," in proceedings of the ACS/IEEE 2005 International Conference on Computer Systems and Applications, 2005.
[4] L. Lamport, R. Shostak, and M. Pease, "The Byzantine Generals Problem," ACM Transactions on Programming Languages and Systems, Vol. 4, No. 3, July 1982, Pages 382-401.
[5] S. Guo, Z. Zhong, T. He, "FIND: Faulty node detection for wireless sensor networks," in SenSys '09, November 4-6, Berkeley, CA, USA.
[6] J. Chiang, J. Haas, Y. Hu, P. Kumar, and J. Choi, "Fundamental limits on secure clock synchronization and man-in-the-middle detection in fixed wireless networks," in Proceedings of INFOCOM, IEEE, 2009.
[7] M. Healy, T. Newe, and E. Lewis, "Security for wireless sensor networks: a review," IEEE sensor applications symposium, New Orleans, LA, USA, February 17-19, 2009.
[8] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. Tygar, "SPINS: Security protocols for sensor networks," in proceedings of the 7th ACM International Conference on Mobile Computing and Networking (Mobicom '01).
[9] Chip-scale atomic clock, Available: http://www.symmetricom.com/csac/.

Mohammad Abdus Salam is an Associate Professor in the Department of Computer Science at Southern University, Baton Rouge, Louisiana. He received his BS degree in Electrical and Electronics Engineering from Bangladesh Institute of Technology, Rajshahi in 1991 and MS and Ph.D. degrees from Fukui University, Japan, respectively in 1998 and 2001. Prior to 2005, he worked as an adjunct faculty member of Mathematics and Computer Science at the City University of New York at York College, and as a postdoctoral fellow in the Department of Electrical and Computer Engineering at the University of South Alabama, Mobile, Alabama. He is a senior member of IEEE. His research interests include wireless communication, error-control coding, and sensor networks.
