Random-Walk Based Approach to Detect Clone Attacks in Wireless Sensor Networks

Wireless sensor networks (WSNs) deployed in hostile environments are vulnerable to clone attacks. In such attack, an adversary compromises a few nodes, replicates them, and inserts arbitrary number of replicas into the network. Consequently, the adversary can carry out many internal attacks. Previous solutions on detecting clone attacks have several drawbacks. First, some of them require a central control, which introduces several inherent limits. Second, some of them are deterministic and vulnerable to simple witness compromising attacks. Third, in some solutions the adversary can easily learn the critical witness nodes to start smart attacks and protect replicas from being detected. In this paper, we first show that in order to avoid existing drawbacks, replica-detection protocols must be non-deterministic and fully distributed (NDFD), and fulfill three security requirements on witness selection. To our knowledge, only one existing protocol, Randomized Multicast, is NDFD and fulfills the requirements, but it has very high communication overhead. Then, based on random walk, we propose two new NDFD protocols, RAndom WaLk (RAWL) and Table-assisted RAndom WaLk (TRAWL), which fulfill the requirements while having only moderate communication and memory overheads. The random walk strategy outperforms previous strategies because it distributes a core step, the witness selection, to every passed node of random walks, and then the adversary cannot easily find out the critical witness nodes. We theoretically analyze the required number of walk steps for ensuring detection. Our simulation results show that our protocols outperform an existing NDFD protocol with the lowest overheads in witness selection, and TRAWL even has lower memory overhead than that protocol. The communication overheads of our protocols are higher but are affordable considering their security benefits.