Detecting and Localizing Identity-Based Attacks in Wireless and Sensor Networks

Wireless networks are vulnerable to identity-based attacks, including spoofing and Sybil attacks, which allows for many other forms of attacks on the networks. Although the identity of a node can be verified through cryptographic authentication, authentication is not always possible, because it requires key management and additional infrastructural overhead. In this paper, we propose a method for detecting both spoofing and Sybil attacks by using the same set of techniques. We first propose a generalized attack-detection model that utilizes the spatial correlation of received signal strength (RSS) inherited from wireless nodes. We further provide a theoretical analysis of our approach. We then derive the test statistics for detection of identity-based attacks by using the K-means algorithm. Our attack detector is robust when handling the situations of attackers that use different transmission power levels to attack the detection scheme. We further describe how we integrated our attack detector into a real-time indoor localization system, which can also localize the positions of the attackers. We show that the positions of the attackers can be localized using either area- or point-based localization algorithms with the same relative errors as in the normal case. We further evaluated our methods through experimentation in two real office buildings using both an IEEE 802.11 (WiFi) network and an IEEE 802.15.4 (ZigBee) network. Our results show that it is possible to detect wireless identity-based attacks with both a high detection rate and a low false-positive rate, thereby providing strong evidence of the effectiveness of the attack detector utilizing the spatial correlation of RSS and the attack localizer.