An RSSI-based Scheme for Sybil Attack Detection in Wireless Sensor Networks Murat Demirbas, Youngwhan Song Department of Computer Science and Engineering Department State University of New York at Buffalo Buffalo, NY 14260-2000 Email: {demirbas, ywsong}@cse.buffalo.edu Abstract— A sybil node impersonates other nodes by broad- casting messages with multiple node identifiers (ID). In contrast to existing solutions that are based on sharing encryption keys, we present a robust and lightweight solution for sybil attack problem based on received signal strength indicator (RSSI) readings of messages. Our solution is robust since it detects all sybil attack cases with 100% completeness and less than a few percent false positives. Our solution is lightweight in the sense that alongside the receiver we need the collaboration of one other node (i.e., only one message communication) for our protocol. We show through experiments that even though RSSI is time-varying and unreliable in general and radio transmission is non-isotropic, using ratio of RSSIs from multiple receivers it is feasible to overcome these problems. In this paper we report on experimental evaluation of our implementation. I. I NTRODUCTION The term sybil attack is introduced in [2] to denote an attack where the attacker (sybil node) tries to forge multiple identification in a certain region. Sybil attack is particularly easy to perform in wireless sensor networks (WSN) where the communication medium is broadcast, and same frequency is shared among all nodes. By broadcasting messages with multiple identifications, a sybil node can rig the vote on group- based decisions and also disrupt network middleware services severely. Existing solutions for sybil attack prevention are too costly for the resource-poor sensor platforms, such as the popular Berkeley mote platform [6]. Motes have very limited com- putational resources (e.g., 8K RAM, 4Mhz CPU) and are energy constrained; thus, algorithms that impose an excessive communication burden on nodes are not acceptable since they drain the battery power quickly. Solutions [4], [10] that adopt key exchange to vouch identification severely effect the energy consumption due to distribution and piggybacking of randomly generated keys in messages. Moreover, they consume precious memory space as every node is required to store pairwise keys with neighbors. A received signal strength indicator (RSSI) based solution for sybil attack is desirable as it does not burden the WSN with shared keys or require piggy backing of keys to messages. Ideally, upon receiving a message, the receiver will associate the RSSI of the message with the sender-id included in the message, and later when another message with same RSSI but with different sender-id is received, the receiver would com- plain of a sybil attack. However, due to the unreliable, time- varying nature of RSSI [8], [15], this scheme fails. Moreover, since it is very easy to change the transmission power [3] in WSN, a sybil node can send messages with different IDs using varying transmission power to trick the receiver. Since RSSI is a function of transmission power, different transmission powers will lead to different RSSI readings. Contributions of this paper In this paper, we report on our implementation of a robust and lightweight solution for detecting sybil attack in WSN using RSSI. Our solution is robust since it detects all sybil attack cases with 100% completeness and very good accuracy (less than a few percent false positives.) Our solution is lightweight in the sense that alongside the receiver we need the collaboration of one other node (i.e., only one message communication) for our protocol. To the best of our knowl- edge, this is the first implemented solution for sybil attack detection on the WSN platform. We show through experiments that even though RSSI is unreliable and time-varying in general and radio transmission is non-isotropic [15], using ratio of RSSIs from multiple receivers it is possible to overcome these problems easily. Use of ratio of RSSIs from multiple receivers was introduced in [14], however, this is the first time that this technique is implemented in practice. We show through experiments that using one receiver there is a lot of variation on RSSI values, however using multiple receivers and ratio of RSSIs the time- variance of RSSI is overcome and the standard deviation is very small. We give confidence intervals for this variance from our experiments at varying distances. To achieve a lightweight solution, we first point out that we do not need calculation of sender’s position. So we relax the computation requirements of [14] by avoiding calcula- tion of fading through distance. Moreover, we show through experiments that even for a 3-D coordinate system, for sybil node detection, two nodes is enough rather than four receiver nodes that is required in the theory [14]. We show that using two receivers 100% completeness and less than a few percent false positive rate is possible in practice. Our software for the sybil attack detection program and experiments are available at http://www.cse.buffalo. edu/ ∼ ywsong/data/yw Sybil SourceCode.zip