無線感測網路的應用範圍廣泛，其中包含了軍事與保全等用途，因此無線感測網路的安全議題也一直受到重視。另一方面，眾所周知不同的電子裝置上有不同的時鐘偏斜(clock skew)，而近年的研究更發現經由網路封包上的時間郵戳所測量而得的時鐘偏斜可以精確至足以作為硬體裝置的辨識指紋。隨後的研究進一步利用這個概念，透過氾濫式時間同步協定(FTSP)來測量網路內各感測器的時鐘偏斜，並建議可利用其唯一性以防範Sybil攻擊或複製攻擊等偽造身分的安全攻擊。本篇論文提出的方法是讓感測器節點嘗試模擬在執行時間同步協定時，同時計算出來的其他節點的時鐘偏斜，並藉此通過前述依據時鐘偏斜的節點辨別方法的偵測。我們嘗試去修改每一個FTSP傳出封包時的時間郵戳，以至於讓目標節點計算出偽造的時鐘偏斜。本論文分析攻擊節點與被偽裝節點在時間同步過程中的動作，並反向推導出偽造時鐘偏斜所需要的時間郵戳的演算法。實驗結果顯示，偽造出來的時鐘偏斜其精確度可以達到0.03ppm，遠低於時鐘偏斜本身的震盪幅度。因此根據現存的偵測工具，將難以分辨偽造時鐘偏斜與正常偏斜的不同。

The widespread applications of wireless sensor networks (WSNs), including of military and surveillance purposes, make security issues a dispensable research field for the development of WSNs. It is well known that each electronic clock has different clock skew and it is very hard to find two clocks with exactly the same clock skew. A research in several years ago demonstrates that one can measure the clock skew of some remote physical device via the timestamp included in network packets, and in most cases the measured clock skews are precise enough to be used as fingerprints of remote devices. One following project utilizes flooding time synchronization protocol (FTSP) to measure clock skews of all sensor motes inside a WSN and suggests that clock skew can be used to detect Sybil attack or replication attack. This research tries to approach via the opposite side by developing an algorithm to calculate the necessary fake timestamps such that the measured clock skew is indistinctive to the imitated origin. Experiments are performed on physical devices, and the results show that the average of difference between the origin skew and the imitated one is about 0.03ppm, which is much lower than the natural fluctuation range of any measured skew. We thus conclude that timestamp, like othe information, must be secured before we can use it on identification purpose.

[1] Mohamed Hefeeda and Majid Bagheri, "Wireless Sensor Networks for Early Detection of Forest Fires," The Fourth IEEE International Conference on Mobile Adhoc and Sensor Systems 2007 (MASS 2007), pp.1-6, 8-11 Oct. 2007.
[2] Tanya Roosta, Shiuhpyng Shieh, and Shankar Sastry, “Taxonomy of Security Attacks in Sensor Networks and Countermeasures,” The First IEEE International Conference on System Integration and Reliability Improvements, Hanoi, Vietnam, Dec. 2006.
[3] V. Vijayalakshmi, T.G. Palanivelu, and N. Agalya, "Secure Time Synchronization against Malicious Attacks for Wireless Sensor Networks," First International Conference on Emerging Trends in Engineering and Technology (ICETET 2008), pp. 218-222, 16-18 Jul. 2008.
[4] Fei Hu, Steve Wilson, and Yang Xiao, "Correlation-Based Security in Time Synchronization of Sensor Networks," IEEE Wireless Communications and Networking Conference (WCNC 2008), pp.2525-2530, 31 Mar.-3 Apr. 2008.
[5] Hui Song, Sencun Zhu, and Guohong Cao, "Attack-resilient Time Synchronization for Wireless Sensor Networks," The 2nd IEEE International Conference on Mobile Adhoc and Sensor Systems Conference (MASS 2005), pp. 765-772, 7-10 Nov. 2005.
[6] John R. Douceur, “The Sybil Attack,” The 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), Cambridge, MA, USA, 7-8 Mar. 2002.
[7] James Newsome, Elaine Shi, Dawn Song , and Adrian Perrig, “The Sybil Attack in Sensor Networks: Analysis & Defenses,” in Proceedings of The 3rd International Symposium on Information Processing in Sensor Networks (IPSN’04), Apr. 2004.
[8] Huirong Fu, S. Kawamura, Ming Zhang, and Liren Zhang, "Replication Attack on Random Key Pre-distribution Schemes for Wireless Sensor Networks," Information Assurance Workshop 2005 (IAW '05), Proceedings from the Sixth Annual IEEE SMC, pp. 134-141, 15-17 Jun. 2005.
[9] Tadayoshi Kohno, Andre Broido, and K.C. Claffy , “Remote Physical Device Fingerprinting,” in IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 2, pp. 93-108, Apr.-Jun. 2005.
[10] Ding-Jie Huang, Wei-Chung Teng, Chih-Yuan Wang, Hsuan-Yu Huang, and Joseph M. Hellerstein, "Clock Skew Based Node Identification in Wireless Sensor Networks," IEEE Global Communications Conference (GLOBECOM 2008), 30 Nov.-4 Dec. 2008.
[11] Miklós Maróti, Branislav Kusy, Gyula Simon, and Ákos Lédeczi, “The Flooding Synchronization Protocol,” in Proceedings of the 2nd International Conference on Embedded Networked Sensor Systems (SenSys), pp. 39-49, Nov. 2004.
[12] Saurabh Ganeriwal, Ram Kumar, and Mani B. Srivastava, “Timing-Sync Protocol for Sensor Networks,” The First ACM Conference on Embedded Networked Sensor System (SenSys 2003), pp. 138–149, Nov. 2003.
[13] Yih-Chun Hu, Adrian Perrig, and David B. Johnson, "Wormhole Attacks in Wireless Networks," IEEE Journal on Selected Areas in Communications, Vol. 24, No. 2, pp. 370-380, Feb. 2006.
[14] TinyOS Official Website : http://www.tinyos.net.