A Novel Secure Localization Approach in Wireless Sensor Networks

Wireless sensor networks (WSNs) [1] have increasingly drawn attentions of researchers in the areas of wireless communication, sensor technology, distributed systems, and embedded computing. These sensor networks consist of a large number of low-cost, low-power, and multifunctional sensor nodes that communicate through wireless media. Various WSN applications have been proposed, for example, military target tracking, environment monitoring, medical treatment, emergency rescue and smart home, and so forth. A fundamental requirement in the above applications is the location awareness of the system. Therefore, the acquisition of sensors' location becomes an important issue since sensing results without location information are mostly inapplicable. Considering the nature of random deployment of most sensor networks, it is laborious, if not impossible, to predetermine the location of each sensor node before deployment. A common approach in most localization schemes is to use enough special nodes, called locators or beacons, which can obtain their locations by GPS or from infrastructure. Locations of normal sensor nodes are then estimated by interacting with locators to obtain the distance or angle information. Once the location information of at least three noncollinear locators are available, the relative positions of the sensors can be converted into physical positions.

Energy efficiency, accuracy and security account for the major metrics in localization systems. The former two metrics have already been investigated for nearly a decade and a large amount of achievements [2‐4] have been published. The security, however, has been addressed only in recent years. In practice, localization schemes in WSNs may work under the adversarial scenario where malicious attacks exist. For example, a simple replay attack [5] can modify the distance measurement, leading to the malfunction of the localization schemes. Therefore, it is necessary to design a secure localization scheme which can be competent in the hostile environment.

There are many different kinds of attackers in the hostile wireless sensor networks. Generally, these attackers can be classified into two categories, external attackers and internal attackers [6]. External attackers can distort the network behavior without the system's authentication, while internal attackers are authenticated ones, and thus, more dangerous to the system security. Most attacks in WSNs are coming from the aforementioned two types of attackers. For instance, the wormhole attack [7] is conducted by two colluding external attackers, and the false position and distance dissemination attack [8] is accomplished by an internal attacker.

In range-based localization procedure, the internal attackers can revise the measured distances randomly to disrupt the localization. This kind of attack can be defended using the consistency check method proposed in [9]. However, if the attackers do not revise the measured distances randomly, but make the modified distances be consistent, which is called the distance-consistent spoofing attack, the strategy proposed in [9] will be failed under this scenario. In this paper, the distance-consistent spoofing attack in WSNs is therefore investigated, based on which we propose an attack-resistant localization scheme, called basic TSCD (Temporal Spatial Consistent based Detection) secure localization. By further exploring the consistency and the mobility properties of the sensor, enhanced TSCD and mobility-aided TSCD schemes are proposed, respectively, to improve the localization performance. Simulation results demonstrate that our proposed schemes achieve better performance than existing approaches under the same network settings.

The main contributions of this paper are summarized as follows.

The remainder of this paper is organized as follows. In Section 2, we provide the related work on secure localization. Section 3 gives the problem statement and Section 4 summarizes four secure properties of wireless communication in WSNs. In Section 5, the basic TSCD, enhanced TSCD, and mobility-aided TSCD schemes are proposed as well as the theoretical analysis. Section 6 presents the performance evaluation and Section 7 concludes the paper and puts forward our future work.

There have been some recent achievements [5] on secure localization. In [10], message authentication is used to prevent wholesale beacon location report forgeries, and a location reporting algorithm is proposed to minimize the impact of compromised beacons. Lazos et al. propose a robust positioning system called ROPE [11] that allows sensors to determine their locations without centralized computation. In addition, ROPE provides a location verification mechanism that verifies the location claims of the sensors before data collection. DRBTS [12] is a distributed reputation-based beacon trust security protocol aimed at providing secure localization in sensor networks. Based on a quorum voting approach, DRBTS drives beacons to monitor each other and then enables them to decide which should be trusted.

To provide secure location services, Liu et al. [13] introduce a suit of techniques to detect malicious beacons that supply incorrect information to sensor nodes. These techniques include a method to detect malicious beacon signals, techniques to detect replayed beacon signals, the identification of malicious beacons, the avoidance of false detections, and the revoking of malicious beacons. By clustering of benign location reference beacons, Wang et al. [14] propose a resilient localization scheme that is computational efficiency. In [15], robust statistical methods are proposed, including triangulation and RF-based fingerprinting, to make localization attack-tolerant. SPINE [8] is a range-based positioning system that enables verifiable multilateration and verification of positions of mobile devices for secure computation in the presence of attackers. In [16], a secure localization scheme is presented to make the location estimation of the sensor secure, by transmission of nonces at different power levels from the beacon nodes. In [17], Chen et al. propose to make each locator build a conflicting-set and then the sensor can use all conflicting sets of its neighboring locators to filter out incorrect distance measurements of its neighboring locators. The limitation of the scheme is that it only works properly when the system has no packet loss. As the attackers may drop the packets purposely, the packet loss is inevitable when the system is under a wormhole attack. The distance-consistency-based secure localization scheme proposed in [18, 19] can also tolerate the packet loss.

By localizing the sensor node with directional antennae equipped on locators, SeRLoc [20] is robust against wormhole attacks, sybil attacks and sensor compromises. On the basis of SeRLoc, HiRLoc [21] further utilizes antenna rotations and multiple transmit power levels to provide richer information for higher localization resolution. Liu et al. [9] propose two secure localization schemes. The first one is attack-resistant Minimum Mean Square Estimation, which filters out malicious beacon signals by the consistency check. The other one is voting-based location estimation. However, SeRLoc requires directional antennae which are complex in real deployment. The schemes in [9] would fail under the distance-consistent spoofing attack when the attacked location references are malicious colluding ones, that is, consistent. The TSCD secure localization scheme, proposed in this paper, is able to conquer both the two drawbacks. It does not require any complex hardware, and works well even when the revised distance measurements of the attacked locators are consistent. In addition, it consumes less computation time than that of [9] while obtaining better performance.

In this section, the network model and related assumptions as well as the localization approach are given, followed by the attack model which we focus on.

In this section, we summarize the characteristics of a WSN as four secure properties when it is under a distance-consistent spoofing attack: the temporal property of the locators, the spatial property of the locators, the consistent property of the legitimate locators, and the consistent property of the attacked locators. The detection schemes are therefore proposed based on the corresponding properties. Though the detection schemes based on the temporal and spatial properties have been used in [20] and the detection scheme based on the consistent property of legitimate locators has been used in [9], we jointly use these properties to defend against the distance-consistent spoofing attack.

In this section, we propose three novel schemes that apply the properties described in the previous section. We first propose a secure localization scheme, namely basic TSCD (B-TSCD), which applies the temporal property, spatial property, and consistent property of attacked locators. Based on B-TSCD, we also propose an enhanced TSCD (E-TSCD) scheme which further applies the consistent property of legitimate locators. Another extended scheme, called mobility-aided TSCD (M-TSCD), is further designed to improve the overall performance. At the end, we analyze the theoretical probability of identifying all the attacked locators and the computational complexity of these schemes.

In this section, we evaluate the performance of our proposed schemes in terms of the probability of successful localization and time consumption. The localization is considered successful if the distance difference between the estimated position and the real position of the sensor is less than a threshold. Because of the existence of the distance measurement error, the sensor's position estimated by the localization algorithm cannot be the same as its real position even there has no attack at all. When the attack exists, the sensor's estimated position may be further deviated. Therefore, we consider the localization of the sensor to be successful under the attack if the distance between the estimated position without the attack and the real position, say , and the distance between the estimated position with the attack detection and the real position, say , satisfy the condition . That is, the localization is considered successful if the impact of the attack on the localization is bounded by the double of the distance measurement error. We also interest in the time consumption cost of the proposed algorithms considering the energy-constrained nature of sensor nodes. As the communication cost is similar among different algorithms, the difference of time consumption cost indicates the effectiveness of these algorithms.

We adopt the following parameters in our simulation: the transmission range  m; the density of locators (with the average degree of the network equals to 4.24); the standard deviation of the distance measurement error ; the threshold of the mean square error used in the consistent property is 1. The label of the axis denotes the ratio of the distance between the sensor and the attacker to the transmission range .

Figure 4 shows the performance comparison of the following schemes: the scheme using only the temporal and spatial properties (TSD), the scheme using the consistency property of legitimate locators (CD) [9], B-TSCD, E-TSCD and M-TSCD. For the M-TSCD scheme, we assume that the sensor conducts the localization periodically and we denote the distance for two consecutive localization processes as the length of one step. We can see that all TSCD schemes yield much better performance than the other two schemes, especially when is less than 2. Among these TSCD schemes, E-TSCD achieves an improvement over B-TSCD, and M-TSCD outperforms E-TSCD.

As the signals from attacked locators always come later than that from legitimate ones, an intuitive approach, referred to as first-three-locators scheme, is to only take the first-three-signals from neighboring locators into account for the sensor's localization. However, due to the existence of distance measurement errors, the first-three-locators scheme will deteriorate the localization accuracy remarkably. The reason is that it takes no account of the remaining legitimate locators when there exist more than three legitimate locators. Figure 5 shows the performance comparison of the first-three-locators scheme and the B-TSCD scheme at different densities of locators. The simulation result shows that the B-TSCD scheme outperforms the first-three-locators scheme dramatically for all densities of locators.

The effects of on the performance of B-TSCD and E-TSCD are shown in Figures 6(a) and 6(b), respectively. From both figures, we can see that as the increases, the probability of successful localization also increases. This is mainly because the increase of enlarges the probability of detecting at least two attacked locators by the temporal and spatial properties. However, when is large enough, the improvement of increasing is insignificant. The performance of B-TSCD, when is large, is similar to that of E-TSCD. Therefore, A tradeoff can be made between hardware deployment (applying B-TSCD when is large) and computation capability (applying E-TSCD).

The effect of the step length on the performance of M-TSCD is shown in Figure 7, compared to the E-TSCD scheme. It can be observed that M-TSCD with different step lengths all outperform E-TSCD. For M-TSCD, the performance is increased when the step length increases. However, as the step length increases, the probability that the historical data are valid also gets lower. To get the best performance, a tradeoff of the step length should also be taken into account.

Figure 8 validates the correctness of the theoretical analysis of the probability of successfully identifying all attacked locators. The maximum difference between the simulation and the mathematical result is about 3%, showing that the theoretical analysis matches the simulation result quite well.

To study the time consumption of each scheme, we conducted 20,000 times self-localization in a simulation program running on a PC with Pentium 2.4 G CPU. Figure 9 shows the time consumed by TSD, CD, B-TSCD, E-TSCD, and M-TSCD, respectively. Apparently, TSD scheme is the most timesaving and CD scheme consumes the most time since the detection scheme D3 is the most time-consuming scheme. As E-TSCD uses the detection scheme D3 when fewer than two attacked locators are detected by the detection schemes D1 and D2, it requires more time than B-TSCD. Compared to E-TSCD, M-TSCD increases the probability of detecting at least two attacked locators, which lowers the probability to use the detection scheme D3. Therefore, M-TSCD always consumes less time than E-TSCD, and does less than B-TSCD when is over 1.5. When the is over 2.5, M-TSCD is even comparable to TSD.

Figures 10, 11, and 12 show the effects of the packet loss on the performance of B-TSCD, E-TSCD and M-TSCD secure localization schemes, respectively. For the packet loss, we assume that when the distance between two nodes is less than , there is no packet loss; when is within [ ], the probability of packet loss is , where . From Figures 10, 11, and 12, we can find that when increasing the packet loss ratio (reducing ), the secure localization performance of our proposed three schemes will descend. However, even when , the descending scales of the performance of the three schemes are limited (less than 10%), which indicates that our proposed schemes are effective when the packet loss exits.

In this paper, we address the distance-consistent spoofing attack in hostile wireless sensor networks and discuss the drawbacks of the existing secure localization schemes. Based on the secure properties of wireless communication under the distance-consistent spoofing attack, we propose three secure localization schemes: basic TSCD, enhanced TSCD and mobility-aided TSCD. We evaluate the performances of our proposed schemes and compare them with exiting schemes by simulations. The simulation results demonstrate that our schemes outperform the existing schemes under the same network parameters.

In this paper, we assume that no region is attacked by multiple attacks simultaneously. When a sensor is attacked by several attacks simultaneously, it will be very complicated and difficult to obtain secure localization. A potential solution is to separate the localization from the attack detection. That is, when multiple attacks are detected, the system can try to identify the locations of the attackers and then eliminate them. We will focus on the detection of multiple attacks and the localization of the attackers in the future work. In the M-TSCD scheme, we have a precondition that the distance between two consecutive localization processes is relatively short so that when a distance-consistent spoofing attack occurs on the current state it is impossible for another different distance-consistent spoofing attack to occur on the previous state or the next state. A possible solution to release this precondition is to verify whether it is attacked by the same attacker by checking its neighborhood of the two consecutive states. The M-TSCD scheme will be conducted only if the node verifies that it is attacked by the same attacker on the two consecutive states. Thus, the other direction of our future work is to release this precondition.