1. Field of the Invention
The present invention relates generally to a wireless sensor network. More particularly, the present invention relates to a method and system for detecting a suspicious frame in a wireless sensor network.
2. Description of the Related Art
A wireless sensor network typically includes sensor nodes and a sink node. Each sensor node comprises a miniaturized radio transceiver that can collect data through a sensor, process the collected data through a processor, and send the processed information. The sink node collects information from the sensor nodes and transfers it to the outside. In a conventional wireless sensor network, numerous sensors located in a particular region sense a preset target and send the sensed data to a particular node. Connected sensor nodes of a sensor network send and receive collected information regarding temperature, illumination, humidity, upper-level node and cluster head using radio frequencies.
A wireless sensor network may have a star topology or point-to-point topology, as defined in the IEEE 802.15.4 standard, which can contribute to efficient management of energy consumption at the network layer. The star topology and point-to-point topology may have different applications. For example, when sensor nodes are peripheral devices of a personal computer, they are typically designed to have a star topology. For a security service in a vast area, sensor nodes are designed to have a point-to-point topology with clusters.
Many nodes in the star or point-to-point topology establish routing paths to send and receive data. Ad-hoc On-Demand Distance Vector (AODV) is a protocol that is used by nodes to establish a routing path for data transmission.
FIGS. 1A to 1C illustrate a conventional routing process using the AODV protocol.
In a cluster of nodes 100 to 112 in FIG. 1A, the node 100 is assumed to be the cluster head. As shown in FIG. 1B, each node calculates a distance vector (DV) in consideration of its links. Calculation of a DV can be performed using a known DV algorithm, and thus a detailed description thereof is omitted. When the node 107 tries to send information to the cluster head (node 100), the node 107 may select one of the paths passing through the node 108, the node 103, or the node 104. The distances from the node 107 to the node 108, node 103, and node 104 are 13, 7, and 6, respectively. Hence, the node 107 selects the path passing through the node 104 because it has the shortest distance. Next, the node 104 may select one of the paths passing through the node 103, node 105, or node 101. The distances from the node 104 to the node 103, node 105, and node 101 are 2, 7, and 6, respectively. Hence, the node 104 selects the path passing through the node 103 because it has the shortest distance. Next, the node 103 may select the path passing through the node 101. Therefore, the node 107 sets the path passing through the node 104, node 103 and node 101 as the routing path to the destination node 100. In the same manner, the other lowest-level nodes 108 to 112 can set their routing paths to the destination node 100, as illustrated in FIG. 1C.
Sensor nodes are capable of sending data to their desired destinations using established routing paths. However, while data is transmitted to the destination, the data may be attacked by a malicious adversary. To avoid a malicious attack, data is encrypted and then transmitted. For example, the Secure Network Encryption Protocol (SNEP) uses symmetric public-key cryptography to ensure data confidentiality, integrity, and authenticity. In SNEP, a source node sending data encrypts the data using an encryption key (Kenc) derived from a master key and a counter value, appends a Message Authentication Code (MAC) generated using a MAC key (Kmac) to the encrypted data, and sends the encrypted data and the MAC together to a destination node.
FIG. 2 illustrates an example of a frame format.
In a majority of cases, data is transmitted between nodes in units of frames having the format illustrated in FIG. 2. A frame includes a frame header 210 and a frame payload 220. The frame header 210 includes transmission control information such as frame control data, a source address and a destination address. The frame payload 220 includes encrypted data and Media Access Control (MAC) data. When SNEP is used for encryption, the frame payload 220 containing user data is encrypted. However, the frame header 210 is mostly not encrypted because it is used for routing. If the frame header 210 were encrypted, the frame might not be routed to the desired destination. By exploiting the unencrypted header parts, a malicious adversary can easily attack the sensor network, causing various problems. There are two representative types of attack. The first attack is related to packet sniffing with the intent of sending numerous abnormal packets to a particular node. In other words, an adversary can eavesdrop on packets of a normal node by packet capturing or sniffing, modify the Media Access Control data in the packets, and send the modified packets to a target node such as a sink node. The second attack is a relay attack. For example, an adversary can intercept a normal packet from a valid node, replace the source address of the packet with the adversary's address, and send the packet to a sink node. The sink node may be unaware of the source address modification and respond to the packet as usual, resulting in communication with the adversary.
As described above, a sensor network may be easily attacked by a malicious adversary because of unencrypted header parts. Hence, it is necessary to develop a technique to determine whether a sensor network is being attacked by an adversary, i.e., to check the normality of a sensor network.
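The following is an added illustration, not part of the patent text, of why the frame layout in FIG. 2 leaves the header exposed: it builds a frame whose header (frame control, source, destination, counter) is in the clear and whose payload is ciphertext followed by a MAC, then shows that a MAC computed over the payload alone still verifies after the source address is rewritten, whereas a MAC that also covers the header does not. The header field layout, the keys, and the HMAC-based counter-mode keystream are assumptions standing in for SNEP's own primitives.

```python
import hmac
import hashlib
import struct

# Constructed keys; SNEP derives K_enc and K_mac from a master key.
K_ENC = b"constructed-encryption-key-Kenc"
K_MAC = b"constructed-mac-key-Kmac"
HDR_LEN = 9   # 1 frame control + 2 src + 2 dst + 4 counter (assumed layout)
MAC_LEN = 8


def keystream(key: bytes, counter: int, length: int) -> bytes:
    # Counter-mode keystream built from HMAC-SHA256 blocks (stand-in for a block cipher).
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QQ", counter, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_crypt(data: bytes, counter: int) -> bytes:
    # XOR with the keystream; the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(K_ENC, counter, len(data))))


def build_header(src: int, dst: int, counter: int) -> bytes:
    # Frame header 210: sent unencrypted so intermediate nodes can route on it.
    return struct.pack(">BHHI", 0x41, src, dst, counter)


def build_frame(src: int, dst: int, counter: int, data: bytes, mac_covers_header: bool) -> bytes:
    header = build_header(src, dst, counter)
    ciphertext = xor_crypt(data, counter)
    mac_input = (header if mac_covers_header else b"") + ciphertext
    mac = hmac.new(K_MAC, mac_input, hashlib.sha256).digest()[:MAC_LEN]
    return header + ciphertext + mac   # frame payload 220 = ciphertext || MAC


def verify_frame(frame: bytes, mac_covers_header: bool) -> bool:
    header, body = frame[:HDR_LEN], frame[HDR_LEN:]
    ciphertext, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    mac_input = (header if mac_covers_header else b"") + ciphertext
    expected = hmac.new(K_MAC, mac_input, hashlib.sha256).digest()[:MAC_LEN]
    return hmac.compare_digest(mac, expected)


def replace_source(frame: bytes, new_src: int) -> bytes:
    # The source address sits in the clear at header bytes 1..2, so it can be rewritten in transit.
    return frame[:1] + struct.pack(">H", new_src) + frame[3:]


def decrypt_payload(frame: bytes) -> bytes:
    counter = struct.unpack(">I", frame[5:HDR_LEN])[0]
    return xor_crypt(frame[HDR_LEN:-MAC_LEN], counter)
```

The second verification mode is the mitigation a receiver would want: binding the cleartext header into the MAC lets the sink node detect the source-address substitution described above instead of responding to it as usual.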