Defending Malicious Collision Attacks in Wireless Sensor Networks

Phillip Reindl and Kendall Nygard
Department of Computer Science
North Dakota State University
Fargo, North Dakota, 58102, USA
e-mail: {phillip.reindl, kendall.nygard}@ndsu.edu

Xiaojiang Du
Dept of Computer and Information Sciences
Temple University
Philadelphia, Pennsylvania, 19122, USA
e-mail: dux@temple.edu

Abstract—Security is an important issue for sensor networks deployed in hostile environments, such as military battlefields. The low cost requirement precludes the use of tamper resistant hardware on tiny sensor nodes. Hence, sensor nodes deployed in open areas can be compromised and used to carry out various attacks on the network. In this paper, we consider the collision attack that can be easily launched by a compromised (or hostile) node: a compromised node does not follow the medium access control protocol and causes collisions with neighbor transmissions by sending a short noise packet. This attack does not consume much of the attacker's energy but can cause a lot of disruption to the network operation. Due to the broadcast nature of wireless communication, it is not trivial to identify the attacker. In this paper, we propose a distributed scheme that is based on low-cost hardware and can effectively identify the source of a collision attack. Our scheme is based on analyzing physical-layer Received Signal Strength Index (RSSI) readings. We show that correct identification of an adversarial node can be achieved with greater than 85% accuracy. We further present a technique that degrades gracefully as the background noise increases.

Keywords: security; collision attacks; sensor networks

I. INTRODUCTION

Security is an important and challenging issue in wireless sensor networks. A widely used attack model assumes that a sensor node does not have tamper resistant hardware (for cost reasons) and may be compromised in the field. A compromised node may be used to carry out various malicious attacks on the network.
Several attacks on sensor nodes/networks have been studied, such as the selective forwarding attack, wormhole attack, sinkhole attack, and Sybil attack [1]. In this paper, we study the malicious collision attack that can be easily launched by a compromised (or hostile) sensor node. In a collision attack, an attacker node does not follow the medium access control protocol and causes collisions with neighbor nodes' transmissions by sending a short noise packet. This attack does not consume much of the attacker's energy but can cause a lot of disruption to the network operation. Due to the broadcast nature of wireless communication, it is not trivial to identify the attacker.

In this paper, we present a distributed scheme that is based on low-cost hardware and can effectively identify the source of a collision attack. Basically, our scheme identifies the attacker by analyzing the physical-layer Received Signal Strength Index (RSSI) readings at neighbor nodes. RSSI readings are inherently unreliable due to the variability of the wireless medium. We overcome this unreliability through distributed sampling and centralized analysis of the RSSI readings. It has been shown that for multiple transmissions from a single source, the ratio of RSSI readings from neighbor nodes remains constant [2]. We leverage this fact to create unique fingerprints for nodes in a sensor network. The fingerprints are used for identifying the source of a collision attack with high confidence.

Most past work considered a homogeneous sensor network, where all nodes have the same (or similar) capabilities. In this work, we adopt a Heterogeneous Sensor Network (HSN) model that consists of a small number of powerful High-end sensors (H-sensors), in addition to a large number of small Low-end sensors (L-sensors). H-sensors have better capabilities than L-sensors in terms of communication, computation, energy supply, storage space, and other aspects.
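
The RSSI-ratio property cited from [2] above can be illustrated with a short simulation. This is an added example, not code from the paper: the node layout, the log-distance path-loss model, the noise level and the nearest-fingerprint matching rule are all assumptions, and it attributes a single captured transmission rather than reproducing the paper's own identification schemes.

```python
import math
import random

# Constructed layout (assumption): three monitoring neighbours and three
# candidate senders, coordinates in metres.
MONITORS = {"m1": (0.0, 0.0), "m2": (10.0, 0.0), "m3": (0.0, 10.0)}
SENDERS = {"A": (2.0, 3.0), "B": (8.0, 2.0), "C": (3.0, 9.0)}
PATH_LOSS_EXP = 3.0  # assumed log-distance path-loss exponent

def rssi_readings(sender_pos, rng, noise_db=1.0):
    """Linear received power at every monitor for one transmission."""
    # Transmit power is redrawn per packet, so absolute readings vary widely
    # while the ratios between monitors depend only on geometry plus noise.
    tx_power = rng.uniform(0.2, 5.0)
    out = {}
    for name, pos in MONITORS.items():
        d = math.dist(sender_pos, pos)
        noise = 10 ** (rng.gauss(0.0, noise_db) / 10.0)
        out[name] = tx_power * noise / d ** PATH_LOSS_EXP
    return out

def ratio_vector(readings, ref="m1"):
    """log10 of each monitor's reading divided by the reference monitor's."""
    return [math.log10(readings[m] / readings[ref])
            for m in sorted(readings) if m != ref]

def build_fingerprints(rng, samples=50):
    """Average the ratio vectors of known-good packets from each sender."""
    prints = {}
    for name, pos in SENDERS.items():
        vecs = [ratio_vector(rssi_readings(pos, rng)) for _ in range(samples)]
        prints[name] = [sum(col) / samples for col in zip(*vecs)]
    return prints

def identify(readings, prints):
    """Return the sender whose fingerprint is closest to this packet's ratios."""
    vec = ratio_vector(readings)
    return min(prints, key=lambda s: math.dist(vec, prints[s]))

def accuracy(trials=300, seed=7):
    """Fraction of simulated packets attributed to the correct sender."""
    rng = random.Random(seed)
    prints = build_fingerprints(rng)
    hits = 0
    for _ in range(trials):
        truth = rng.choice(sorted(SENDERS))
        hits += identify(rssi_readings(SENDERS[truth], rng), prints) == truth
    return hits / trials
```

Raising `noise_db` in this model shows how attribution accuracy falls as per-reading noise grows relative to the separation between fingerprints.
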
In our research, we take advantage of the strong capabilities of H-sensors for designing efficient and effective security schemes.

The rest of the paper is organized as follows: We discuss the related work in Section II, and describe the wireless fingerprinting framework in Section III. In Section IV, we present several effective schemes for identifying the source of a collision attack, and we report the experimental results in Section V. We conclude this paper in Section VI.

II. RELATED WORK

Demirbas and Song [2] developed a scheme for detecting the Sybil attack [1] by using the RSSI values from at least two detecting nodes. They showed that while the RSSI values for a given node vary greatly between transmissions, the ratio of RSSI values seen by two nodes for a given source is consistent. However, the goal in [2] is simply to determine whether two transmissions were from the same source; [2] did not present any practical techniques for determining the source of malicious transmission collisions in sensor networks. Furthermore, [2] only considered homogeneous sensor networks. Our work addresses the more difficult issue of identifying the source of a malicious collision. Also, we consider an HSN and utilize the more powerful H-sensors.

Law, et al., [3] considered an attack where an outsider deploys a jamming network in the same area as the target network. They presented schemes for efficient jamming,