Basic Search / Detailed Display

Author: 葉致宏
Chih-Hung Yeh
Thesis Title: 植基於氾濫式時間同步協定之時鐘偏斜模仿方法
An Approach of Imitating the Clock Skew of Sensor Nodes Based on Flooding Time Synchronization Protocol
Advisor: 鄧惟中
Wei-Chung Teng
Committee: 雷欽隆
Chin-Laung Lei
Wen-Guey Tzeng
Tien-Ruey Hsiang
Degree: 碩士
Department: 電資學院 - 資訊工程系
Department of Computer Science and Information Engineering
Thesis Publication Year: 2009
Graduation Academic Year: 97
Language: 中文
Pages: 38
Keywords (in Chinese): 無線感測網路時鐘偏斜時間同步複製攻擊
Keywords (in other languages): WSNs, Clock Skew, Time Synchronization, Replication Attack
Reference times: Clicks: 220Downloads: 1
School Collection Retrieve National Library Collection Retrieve Error Report
  • 無線感測網路的應用範圍廣泛,其中包含了軍事與保全等用途,因此無線感測網路的安全議題也一直受到重視。另一方面,眾所周知不同的電子裝置上有不同的時鐘偏斜(clock skew),而近年的研究更發現經由網路封包上的時間郵戳所測量而得的時鐘偏斜可以精確至足以作為硬體裝置的辨識指紋。隨後的研究進一步利用這個概念,透過氾濫式時間同步協定(FTSP)來測量網路內各感測器的時鐘偏斜,並建議可利用其唯一性以防範Sybil攻擊或複製攻擊等偽造身分的安全攻擊。本篇論文提出的方法是讓感測器節點嘗試模擬在執行時間同步協定時,同時計算出來的其他節點的時鐘偏斜,並藉此通過前述依據時鐘偏斜的節點辨別方法的偵測。我們嘗試去修改每一個FTSP傳出封包時的時間郵戳,以至於讓目標節點計算出偽造的時鐘偏斜。本論文分析攻擊節點與被偽裝節點在時間同步過程中的動作,並反向推導出偽造時鐘偏斜所需要的時間郵戳的演算法。實驗結果顯示,偽造出來的時鐘偏斜其精確度可以達到0.03ppm,遠低於時鐘偏斜本身的震盪幅度。因此根據現存的偵測工具,將難以分辨偽造時鐘偏斜與正常偏斜的不同。

    The widespread applications of wireless sensor networks (WSNs), including of military and surveillance purposes, make security issues a dispensable research field for the development of WSNs. It is well known that each electronic clock has different clock skew and it is very hard to find two clocks with exactly the same clock skew. A research in several years ago demonstrates that one can measure the clock skew of some remote physical device via the timestamp included in network packets, and in most cases the measured clock skews are precise enough to be used as fingerprints of remote devices. One following project utilizes flooding time synchronization protocol (FTSP) to measure clock skews of all sensor motes inside a WSN and suggests that clock skew can be used to detect Sybil attack or replication attack. This research tries to approach via the opposite side by developing an algorithm to calculate the necessary fake timestamps such that the measured clock skew is indistinctive to the imitated origin. Experiments are performed on physical devices, and the results show that the average of difference between the origin skew and the imitated one is about 0.03ppm, which is much lower than the natural fluctuation range of any measured skew. We thus conclude that timestamp, like othe information, must be secured before we can use it on identification purpose.

    摘要 i Abstract ii 誌謝 iii 目錄 iv 圖目錄 v 表目錄 vi 第一章 序論 1 1.1 前言 1 1.2研究背景 2 1.3動機與目的 3 1.4 論文架構 4 第二章 文獻探討 5 2.1 遠端主機指紋辨識 5 2.2 依據時鐘偏斜的節點辨別方法 6 2.3 氾濫式時間同步協定 8 2.4 複製攻擊 12 2.5 Sybil攻擊 14 第三章 研究方法 16 3.1 時鐘偏斜的關係性 16 3.2 偽造時鐘偏斜以偽裝節點的方法 18 3.3 偽裝鄰近節點(One-hop) 18 3.4 偽造遠距離節點(Multi-hop) 24 第四章 實驗 27 4.1實驗平台 27 4.2 FTSP的精密度調整 27 4.3 實驗結果 31 第五章 結論與未來工作 35 5.1 結論 35 5.2 未來工作 35 參考文獻 37

    [1] Mohamed Hefeeda and Majid Bagheri, "Wireless Sensor Networks for Early Detection of Forest Fires," The Fourth IEEE International Conference on Mobile Adhoc and Sensor Systems 2007 (MASS 2007), pp.1-6, 8-11 Oct. 2007.
    [2] Tanya Roosta, Shiuhpyng Shieh, and Shankar Sastry, “Taxonomy of Security Attacks in Sensor Networks and Countermeasures,” The First IEEE International Conference on System Integration and Reliability Improvements, Hanoi, Vietnam, Dec. 2006.
    [3] V. Vijayalakshmi, T.G. Palanivelu, and N. Agalya, "Secure Time Synchronization against Malicious Attacks for Wireless Sensor Networks," First International Conference on Emerging Trends in Engineering and Technology (ICETET 2008), pp. 218-222, 16-18 Jul. 2008.
    [4] Fei Hu, Steve Wilson, and Yang Xiao, "Correlation-Based Security in Time Synchronization of Sensor Networks," IEEE Wireless Communications and Networking Conference (WCNC 2008), pp.2525-2530, 31 Mar.-3 Apr. 2008.
    [5] Hui Song, Sencun Zhu, and Guohong Cao, "Attack-resilient Time Synchronization for Wireless Sensor Networks," The 2nd IEEE International Conference on Mobile Adhoc and Sensor Systems Conference (MASS 2005), pp. 765-772, 7-10 Nov. 2005.
    [6] John R. Douceur, “The Sybil Attack,” The 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), Cambridge, MA, USA, 7-8 Mar. 2002.
    [7] James Newsome, Elaine Shi, Dawn Song , and Adrian Perrig, “The Sybil Attack in Sensor Networks: Analysis & Defenses,” in Proceedings of The 3rd International Symposium on Information Processing in Sensor Networks (IPSN’04), Apr. 2004.
    [8] Huirong Fu, S. Kawamura, Ming Zhang, and Liren Zhang, "Replication Attack on Random Key Pre-distribution Schemes for Wireless Sensor Networks," Information Assurance Workshop 2005 (IAW '05), Proceedings from the Sixth Annual IEEE SMC, pp. 134-141, 15-17 Jun. 2005.
    [9] Tadayoshi Kohno, Andre Broido, and K.C. Claffy , “Remote Physical Device Fingerprinting,” in IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 2, pp. 93-108, Apr.-Jun. 2005.
    [10] Ding-Jie Huang, Wei-Chung Teng, Chih-Yuan Wang, Hsuan-Yu Huang, and Joseph M. Hellerstein, "Clock Skew Based Node Identification in Wireless Sensor Networks," IEEE Global Communications Conference (GLOBECOM 2008), 30 Nov.-4 Dec. 2008.
    [11] Miklós Maróti, Branislav Kusy, Gyula Simon, and Ákos Lédeczi, “The Flooding Synchronization Protocol,” in Proceedings of the 2nd International Conference on Embedded Networked Sensor Systems (SenSys), pp. 39-49, Nov. 2004.
    [12] Saurabh Ganeriwal, Ram Kumar, and Mani B. Srivastava, “Timing-Sync Protocol for Sensor Networks,” The First ACM Conference on Embedded Networked Sensor System (SenSys 2003), pp. 138–149, Nov. 2003.
    [13] Yih-Chun Hu, Adrian Perrig, and David B. Johnson, "Wormhole Attacks in Wireless Networks," IEEE Journal on Selected Areas in Communications, Vol. 24, No. 2, pp. 370-380, Feb. 2006.
    [14] TinyOS Official Website :