Malicious Node Detection in Wireless Sensor Networks using Weighted Trust Evaluation

Transcription

1 Malicious Node Detectio i Wireless Sesor Networks usig Weighted Trust Evaluatio Idris M. Atakli, Hogbig Hu, Yu Che* SUNY Bighamto Bighamto, NY 1392, USA {iatakli1, hhu1, yche}@bighamto.edu Wei-Shi Ku Aubur Uiversity Aubur, AL 36849, USA weishi@aubur.edu Zhou Su Waseda Uiversity Tokyo , Japa zhousu@asagi.waseda.jp Keywords: Wireless sesor etworks, etwork security, hierarchical topology, malicious ode detectio. Abstract Deployed i a hostile eviromet, idividual odes of a wireless sesor etwork (W) could be easily compromised by the adversary due to the costraits such as limited battery lifetime, memory space ad computig capability. It is critical to detect ad isolate the compromised odes i order to avoid beig misled by the falsified iformatio ijected by the adversary through compromised odes. However, it is challegig to secure the flat topology etworks efficietly because of the poor scalability ad high commuicatio overhead. O top of a hierarchical W architecture, i this paper we proposed a ovel scheme based o weighted-trust evaluatio to detect malicious odes. The hierarchical etwork ca reduce the commuicatio overhead betwee sesor odes by utilizig clustered topology. Through itesive simulatio, we verified the correctess ad efficiecy of our detectio scheme. 1. INTRODUCTION Recet advacemets i micro-electro-mechaical systems (MEMS) ad low power ad highly itegrated electroic devices have led to the developmet ad wide applicatio of wireless sesor etworks [5], [14], [16]. Wireless sesor etworks cosist of very small devices, called sesor odes, that are battery powered ad are equipped with itegrated sesors, a data-processig uit, a small storage memory, ad short-rage radio commuicatio [17]. Typically, these sesors are radomly deployed i the field. They form a uatteded wireless etwork, collect data from the field, partially aggregate them, ad sed them to a sik that is resposible for data fusio. Sesor etworks have applicatios i emergecy-respose etworks, eergy maagemet, medical moitorig, logistics ad ivetory Mauscript submitted o Ja. 11, 28 to The Symposium o Simulatio of Systems Security (SSSS 8), Ottawa, Caada, April 14 17, 28. Correspodig author: Yu Che, Dept. of Electrical & Computer Egieerig, SUNY Bighamto, Bighamto, NY yche@bighamto.edu, Tel.: (67) maagemet, ad battlefield maagemet. I cotrast to traditioal wireless etworks, special security ad performace issues have to be carefully cosidered for sesor etworks [21]. For example, due to the uatteded ature of sesor etworks, a attacker could lauch various attacks ad eve compromise sesor devices without beig detected. Therefore, a sesor etwork should be robust agaist attacks, ad if a attack succeeds, its impact should be miimized. I other words, compromisig a sigle sesor ode or few sesor odes should ot crash the etire etwork. Aother cocer is about eergy efficiecy. I a W, each sesor ode may eed to support multiple commuicatio models icludig uicast, multicast, ad broadcast. Therefore, due to the limited battery lifetime, security mechaisms for sesor etworks must be eergy efficiet [19]. Especially, the umber of message trasmissios ad the amout of expesive computatio should be as few as possible. I fact, there are a umbers of attacks a attacker ca lauch agaist a wireless sesor etwork oce a certai umber of sesor odes have bee compromised. I literature, for istace, HELLO floodig attacks [9], sik hole attacks [9], Sybil attack [12], black hole attack [15], worm hole attacks [6], or DDoS attacks [4] are optios for a attacker. These attacks lead to aomalies i etwork behaviors that are detectable i geeral. There are some reported solutios to detect these attacks by moitorig the aomalies [9]. I this work, we addressed a eve trickier sceario. Whe a adversary has gaied cotrol over certai sesor ode(s), he/she does ot lauch direct attacks agaist the etwork. Sice oce the misbehavior is detected, the operator may forsake these compromised odes ad tur to other data sources. Istead, the attacker let those compromised odes behave ormally but report false data to the data collector. The purpose of the adversary is to mislead the operator with falsified data. This may lead to more serious cosequeces; for istace, i the battlefield a false report regardig the operatios of the eemy may lead to extra casualties SprigSim

2 I this paper, we proposed a weighted-trust evaluatio (WTE) based scheme to detect the compromised odes by moitorig its reported data. It is a light-weighted algorithm that would icur little overhead. Cosiderig the scalability ad flexibility, hierarchical etwork architecture is adopted. Through itesive simulatio, we verified that our WTE scheme detects misbehaved odes accurately with very short delay. The rest of the paper is structured as follows. I sectio 2, we briefly review the related malicious W ode detectio approaches. Sectio 3 describes our hierarchical etwork structure ad the priciple of our WTE based malicious ode detectio algorithm. The experimet setup ad simulatio results are preseted i Sectio 4. Sectio 5 wraps up this paper with a discussio about efficiecy ad implemetatio issues of our solutio. 2. RELATED WORK Wireless sesor etworks are ofte deployed i a hostile eviromet ad work without huma supervisio, idividual ode could be easily compromised by the adversary due to the costraits such as battery lifetime, smaller memory space ad limited computig capability. Security i W has bee oe of the most importat topics i the W research commuity [1], [8], [22]. Here we oly briefly review the reported works closely related to malicious ode detectio due to the limited space. It is critical to detect ad isolate the compromised odes i order to avoid beig misled by the falsified iformatio ijected by the adversary. Luo et al. [11] have poited out that ifrastructureless ad hoc etworks rarely have a real defese mechaism agaist most of the attacks, icludig both outsider ad isider attacks such as compromised ode attacks. They suggested a system desig like this if oe ode is amed trusted by certai umber of its eighborig odes, that particular ode is trusted both locally ad globally. However, sice the system uses a miimum umber of trusted odes it is ot so applicable to sesor etworks where the odes are radomly spread out. I other words, it is possible that uder certai coditios odes caot fid the miimum umber of eighborig odes i order to be amed trusted. Oe solutio for locatioized aomaly detectio i a group of odes is suggested i [4]. Every ode gets the localizatio iformatio from the eighborig odes ad also computes the localizatio iformatio itself ad compares these two values. If the differece is small eough, that ode decides there is o adversary aroud causig the localizatio problem i its locatio. Researchers also suggested detectig malicious ode usig sigal stregth [7]. The idea here is to deped o eighborhood moitorig of the odes. Every sesor ode moitors its surroudig ad wheever a trasmissio sigal is detected by a sesor ode, it would check if the sigal stregth of the trasmittig ode is compatible with the origiator ode's geographical positio. Eve though this approach is applicable, it is ot efficiet i may ways. The large overhead eeded for trasmittig data is a problem both for sedig ad processig. Also it is ot eergyefficiet sice all odes are moitorig ad processig data all the time. The work reported i [3] is the most close to our approach. They proposed to detect malicious ode by comparig its output with a aggregatio value. Ispired by the Byzatie problem, our approach is more straightforward ad icurs much less overhead sice there is o expesive calculatio ivolved. Karlof ad Wager [9] suggested to costruct efficiet radom samplig mechaisms ad iteractive proofs, the a user ca verify that the aswer give by the aggregator is a good approximatio of the true value eve whe a fractio of the sesor odes are compromised. Furthermore, i other fields Byzatie program is cosidered as a importat issue. For example, i cogitive radio etwork, Byzatie problem i spectrum sesig is also ivestigated [2]. 3. WEIGHTED TRUST EVALUATION TECHNOLOGY 3.1 Network Architecture Figure 1 demostrates the etwork architecture i which our weighted-trust evaluatio scheme is implemeted. It is a three-layer hierarchical etwork architecture, which cosists of three types of sesor odes similar to the architecture utilized i [2]: Low-power Sesor Nodes ()" with limited fuctioality; Higher-power Forwardig Nodes (FN)" that forward the data obtaied form sesor odes to upper layer; Access Poits (AP)", or called Base Statios (BS) that route data betwee wireless etworks ad the wired ifrastructure. I cotrast to sesor odes i flat ad hoc sesor etworks, sesor odes i the lowest layer of this hierarchical etwork do ot offer multi-hop routig capability to its eighbors. A umber of Sesor Nodes (s) are orgaized as a group ad cotrolled by a higher layer ode, the Forwardig Node (FN). Therefore, each sesor ode oly commuicates with its FN ad provides iformatio such as sesor readig to its FN. FNs are located o the secod layer atop the sesor ode layer ad offers multi-hop routig capability to s or other FNs. We assume the FNs are trustful ad wo t be compromised. We also assume the APs are trustful, otherwise the adversary ca iject ay data without bee detected. 28 SprigSim

3 AP AP AP Layer FN FN FN FN Layer FN FN FN Layer Figure 1. Architecture of the hierarchical W. 3.2 Malicious Nodes Detectio As metioed earlier, sesor odes i sesor etworks are usually deployed i hostile eviromets such as battlefields. Cosequetly a sesor ode may be compromised or out of fuctio ad the provides wrog iformatio that may mislead the whole etwork. This problem is called as the Byzatie problem. For example, a compromised sesor ode (malicious ode) ca costatly report icorrect iformatio to higher layers. The aggregator (FN or AP) i higher layer may make a wrog aggregatio result due to the effect of the malicious ode. It is therefore a importat issue i sesor etworks to detect malicious odes i spite of such Byzatie problem. Each FN has two wireless iterfaces, oe commuicates with lower layer odes (s), which belog to its maagemet, ad the other coects to higher layer odes Access Poits (APs). APs are located o the highest layer i a wireless etwork, ad have both wireless ad wired iterfaces. APs provide multi-hop routig for packets from s ad FNs withi radio rage, i additio to routig data to wired etworks. APs also have the fuctioality of forwardig cotrol iformatio from wired etworks to FNs ad s. This hierarchical etwork ca also be cosidered as a distributed iformatio aggregatio system. s gather iformatio ad report to its FN. Based o the iformatio collected from s, FNs compute the aggregatio result ad commit the iformatio to APs. However, sice s may be compromised ad report fake iformatio, it is importat for FNs to verify the correctess of the iformatio collected from s. Similarly, it is also desired that APs possess the ability of verifyig the committed iformatio. Table 1 summarizes the symbolic otatio used throughout this paper. Figure 2. A weight based etwork for hierarchical sesor etwork. As the first step toward the solutio to the problem, we model it ito a weight-based etwork as show i Figure 2. The etwork is adapted i the architecture betwee a group of sesor odes ad their forwardig ode. As show i the figure, a weight W is assiged to each sesor ode. The FN collects all iformatio provided by s ad calculates a aggregatio result usig the weight assiged to each : E = N = W U 1 (1) Symbol FN AP BS W E U θ r Table 1. Symbolic otatios Meaig Sesor Node Forwardig ode Access poit Base statio Weight rage Aggregatio result A sesor ode s output Weight pealty ratio The ratio of sesor odes i a cluster sedig differet report to the FN Where E is the aggregatio result ad W is the weight ragig from to 1. A essetial cocer is about the defiitio of sesor ode s output U. I practice, the output iformatio U may be false or true iformatio or cotiues umbers such as temperature readig. Thus the defiitio of output U is usually depedig o the applicatio where the sesor etwork is used. The followig issue is to update the weight of each sesor ode based o the correctess of iformatio reported. Updatig the weight of each sesor ode has two purposes. First, if a sesor ode is compromised (becomes a malicious ode) ad frequetly seds its report icosistet with the fial decisio, its weight is likely to be decreased. The if a sesor ode s weight is lower tha a specific SprigSim

4 threshold, we ca idetify it as a malicious ode. Secod, the weight also decides how much a report may cotribute to the fial decisio. This is reasoable sice if the report from a sesor ode teds to be icorrect, it should be couted less i the fial decisio. This logic is reflected i the followig equatio. W W = W θ r if ( U elsewise E) Where θ is a weighted pealty ratio. Whe the output of a sesor ode s is ot cosistet with the fial result, its weight is reduced by the weight pealty θ multiplyig r. The umber r is defied as: (2) r = m s (3) Where m is the umber of odes i the cluster sedig differet report to the FN, ad s is the total umber of odes i the cluster uder the same FN. A optimal θ value is essetial i our WTE mechaism sice it affects the detectio time ad the accuracy of the algorithm. I additio, due to various defiitios of output iformatio (U ) as metioed above, the cosistece determiatio, which decides whether a ode s output is cosistet with the fial result, is also applicatiodepedet. For example, it is easy to determie the cosistece for a false or true output. However, for a cotiuous umber of U like temperature readig, the probability distributio fuctio could be used to determie the cosistecy of the output iformatio from all sesor odes. Furthermore, a ormalizatio operatio as described i the followig equatio is used to guaratee the weight kept i the rage from to 1. W = W / max( W, LW 1 N Based o updated weights, the forwardig ode is able to detect a ode as a malicious ode if its weight is lower tha a specific threshold. This detectio algorithm ca be widely used i differet types of sesor etworks. For example, the umber of sesor odes ca vary i the algorithm, which makes it suitable for very large ad very small etworks. However, the descriptio of sesor ode output ad updatig scalig factor which are depedet o the applied applicatio eed to be determied carefully i order to achieve efficiet ad high accuracy detectio. 4. SIMULATION EXPERIMENTAL RESULTS 4.1 Simulatio Setups ) (4) Itesive simulatio experimets usig MatLab were coducted to evaluate the effectiveess of our WTE based malicious odes detectio algorithm. I the simulatio, the detectio algorithm is deployed at a forwardig ode to moitor all sesor odes uder the cotrol of the forwardig ode, ad the detectio is performed every cycle, which is a basic time uit of the simulatio. For coveiece, the output of sesor ode are either as 1 (alarm) or (o alarm). All simulatio results were recorded after the system model reached steady state. We assume that a sesor ode is compromised radomly by the attacker at a specific probability every cycle, referred to as the attack probability, ad the this malicious ode keeps reportig the opposite iformatio after compromised. For example, a malicious ode always seds alarm while the aggregatio result computed from other sesor odes is o alarm. Meawhile, a ormal sesor ode may also sed alarm whe real alarm occurs. This case also occurs radomly at a differet alarm probability : Normal Node : Detected Node : Malicious Node : Misdetected Node : Normal Node sedig Figure 3. A example of sesor odes deploymet i the simulatio. Uder the assumptio that sesor odes are desely deployed to moitor certai target. I cotrast to malicious odes, if a ormal ode started sedig alarm, its eighbor odes would also start to sed alarm after a short delay time. Furthermore, ormal alarmig odes will stop sedig alarms after a certai cycles. The ode, which is detected or misdetected as a malicious ode, is iactivated from the whole processig. The detectio is termiated after 2 cycles or more tha 25% of all odes are detected as malicious odes. Each result is calculated form a average over 1 idepedet simulatios. Figure 3 shows a example of sesor odes deploymet i the simulatio eviromet. Sesor odes are uiformly deployed i a square plae. A sesor ode may be a malicious ode, a ormal ode, or a ormal ode that 28 SprigSim

5 geeratig alarms. Three metrics are defied to evaluate the performace of the detectio algorithm. The respose time, which is the average detectio cycles of correctly detected malicious odes shows how fast malicious odes ca be detected. The Detectio rate, which is the ratio of the umber of detected malicious odes ad the umber of total malicious odes, idicates the effectiveess of our scheme. The third measure is misdetectio ratio, which is the ratio of misdetected odes to all detected odes icludig correctly detected ad misdetected odes. Actually these misdetected odes cosist of two parts: the umber of ormal odes beig treated as malicious oes ad the umber of malicious ode beig treated as ormal odes. For such a malicious ode detectio scheme, short respose time, high detectio rates are desired as well as a low misdetectio ratio. We studied the three metrics through simulatio usig differet parameters. probability are both.4. The umber of cycles that ormal odes sed alarms ad wait to stop alarms is 1 cycles. A threshold (.4) is also set for detectio determiatio as metioed earlier. Figure 4 illustrates the results with weight pealties varyig from.2 to 1. the umber of sesor odes are chage from 1 odes to 4 odes. The icreasig weight pealty reaches a shorter respose time, ad improves the detectio ratio. Ituitively the pealty value reveals the sesitivity of our detectio results agaist the variatio i reported data. However, the misdetectio ratio also icreases as weight pealty icreasig, especially after the pealty ratio becomes.8 ad greater. Cosiderig the tradeoffs amog respose time, detectio rate ad misdetectio rate comprehesively, it is reasoable to set the weight pealties values i the rage of (.4-.1). 4.3 Scalability 4.2 Weight Pealty Respose (1) Respose (4) Usig weight pealties.1 ad.5, we further evaluated the algorithm with various umbers of odes as show i Figure 5. The parameters for this experimet are the same as the first experimet Cycles Cycles Weight Pealty Respose (θ=.1) Respose (θ=.5) Ratio (a) Respose Time vs. Pealty Weights 1 Detect (1) Detect (4) Misdetect (1) Misdetect (4) Weight Pealty Ratio Number of Nodes (a) Respose Time vs. Number of Nodes Detect (θ=.1) Detect (θ=.5) Misdetect (θ=.1) Misdet (θ=.5) (b) Detectio Accuracy vs. Pealty Weights Figure 4. Impact of various Pealty Weights o system performace. The first simulatio is to fid a optimal weight pealty for the detectio algorithm. The attack probability ad alarm Number of Nodes (b) Detectio Accuracy vs. Number of Nodes Figure 5. Illustratio of the system scalability SprigSim

6 The respose time, detectio, ad misdetectio ratios are pretty stable while we icreased the umber of odes from 9 to 9, particularly whe the umber of odes is greater tha 64. This result implies that our WTE based detectio algorithm has very ice scalability as it works well uder variat etwork sizes without losig much performace. Especially if the size of etwork becomes large eough, for example, greater tha 64, the etwork size almost has o ifluece o the performace. Figure 5 also demostrates the impact of the selectio of pealty weight θ. Whe a larger value is chose (θ =.1), the system ca detect malicious ode faster ad more accurately comparig to usig smaller value (θ =.5) as show i Fig. 5(a) ad the upper two curves i Fig. 5(b). However, such a faster respose is achieved with the cost of higher misdetectio rate as show by the lower two curves i Fig. 5(b). This verifies the tradeoff amog detectio performace ad misdetectio ratio, ad shows that the system operator ca adjust the sesitivity of the pealty weight parameter θ accordig to the requiremets i differet applicatios. 4.4 Attack Probability Fially, the performace at various attack probabilities is evaluated with weight pealty.5 for 1 odes ad 4 odes cases. The attackig probability is defied as the ratio of malicious odes amog total umber of sesor odes i the etwork that is assumed could be compromised. It describes the itesity of false data that the adversary ijects ito the etwork. As idicated i the research of Byzatie Geeral Problem [1], whe the umber of malicious odes is larger tha the umber of legitimate odes, the loyalty geerals caot figure out who is the rebelled oe; Furthermore, whe there is ot ay autheticatio mechaism applied, the umber of rebel geerals has to be less tha 1/3 of the total umber of geerals if the loyal geerals wat to reach a agreemet o correct activity. I our problem, similarly, if the umber of compromised odes is larger tha 25% of the total odes, we may ot be able to detect the bad guys accurately. The upper bod of the amout of compromised odes i our simulatio is 3% of the total umber of odes. Therefore, the attack probability of 1 implies that there are 25% of the sesor odes have bee compromised. We evaluated the performace usig the respose time, detectio, ad misdetectio ratios as show i Figure 6. The icreasig attack probability meas that there are more odes beig compromised ad falsified data are iserted. As illustrated i Fig. 6(a), the respose time slightly icreases with attack probability icreasig. This makes sese that as more malicious odes appear, the aggregated data is affected more by the falsified data. While there are oly small chages observed i detectio ratios, the misdetectio ratio decreases largely as the growth of the attack probabilities, as show i Fig. 6(b). This is partially due to the icreasig umber of malicious odes that makes the false positive rate smaller. Based o the results reported above, the respose time, detectio, ad misdetectio ratios are stable i the cases large umber of odes ad high compromise probability. It demostrates that the proposed detectio algorithm is efficiet for both large etworks ad high attack probability coditios. The experimet results also show that the performace of the detectio algorithm is largely depedet o parameters studied above. Cycles Ratio Respose (1) 6.8 Respose (4) Attack Probability (a) Respose Time vs. Compromise Probability Detect (1) Detect (4) Misdetect (1) Misdetect (4) Attack Probability (b) Detectio Accuracy vs. Compromise Probability Figure 6. System performace uder differet compromise probabilities. 5. CONCLUSIONS I this paper, we proposed a ovel weighted-trust evaluatio based scheme to detect compromised or misbehaved odes i wireless sesor etworks. The basic idea is that FNs give trust values to each of the odes i the 28 SprigSim

7 cluster, if a ode seds meaigless/wrog iformatio which implies that a ode has bee compromised or out is of fuctio, the FN directly lowers that ode s trust level. It is much easier ad less complex to keep track of the odes ad it is harder to compromise most of the ode uless a attacker compromises the base statios. With a very good scalability, our approach is applicable to both small size Ws ad Ws with larger umber of odes. The oly differece to apply it to larger size Ws is to icrease the umber of FNs. Essetially, it could be treated as a ode-clusterig problem. Although there are couples of research works reported addressig the malicious ode detectio problem i Ws, it is difficult to compare the performace betwee each other. As itroduced i sectio 2, the desig assumptios ad the experimets eviromets are very differet. Particularly, lack of a comparable bechmark makes it meaigless to compare the results, i.e. detectio rate. Our approach is based o the assumptio that base statios are trusted. I fact, if the adversary ca gai cotrol over the base statios, he/she ca do ay possible attack agaist the W. This is a iterestig ope problem, however it is beyod the scope of this paper. Aother critical assumptio is that the majority of the sesor odes are workig properly. If the umber of compromised odes is more tha the umber of ormal odes, the legal odes will be reported as malicious oe ad beig isolated. Actually, i this paper we have reported merely some prelimiary results, which verified the correctess ad effectiveess of our solutio. More detailed aalysis regardig the performace of our scheme will be studied i the ogoig research ad more questios to be aswered. For istace, how is the impact of distributio of the 25% malicious odes agaist the performace of weighted-trust evaluatio? What is the behavior of our detectio scheme if the ratio of malicious odes beyod 1/3 of the sesor odes? I our progressive efforts, we are studyig the deploymet of FNs ad the ifluece of differet desities of FNs o the performace. I additio, we are settig up a testbed cosistig of more tha 64 sesor odes. That may allow us to ivestigate the differeces betwee the simulatio experimets ad what happes i real world whe real physical odes are i use. ACKNOWLEDGEMENT We d like to thak the aoymous reviewers for their valuable commets ad suggestios. REFERENCES [1] E. Ayday, F. Delgosha, ad F. Fekri, Locatio-Aware Security Services for Wireless Sesor Networks usig Network Codig, Ifocom, May 27. [2] R. Che, J. M. Park, ad K. Bia, Robust Distributed Spectrum Sesig i Cogitive Radio Networks, Techical Report TR-ECE-6-7, Dept. of Electrical ad Computer Egieerig, Virgiia Tech., July 26. [3] D.-I. Curiac, O. Baias, F. Draga, C. Volosecu, ad O. Draga, Malicious Node Detectio i Wireless Sesor Networks Usig a Autoregressio Techique, the 3 rd Iteratioal Coferece o Networkig ad Services (ICNS 7), Jue 19 25, 27, Athes, Greece. [4] W. Du, L. Fag, ad P. Nig, LAD: Localizatio Aomaly Detectio for Wireless Sesor Networks, the 19 th Iteratioal Parallel ad Distributed Priocessig Symposium (IPDPS 5), April 3 8, 25, Dever, Colorado, USA. [5] D. Estri, R. Govida, J. Heidema, ad S. Kumar, Next Cetury Challeges: Scalable Coordiatio i Sesor Networks, MOBICOM, August 1999 [6] Y. Hu, A. Perrig, ad D. Johso, Packet Leashes: A Defese agaist Wormhole Attacks i Wireless Ad Hoc Networks, IEEE INFOCOM, 23 [7] W. Juior, T. Figueriredo, H.-C. Wog, ad A. Loureiro, Malicious Node Detectio i Wireless Sesor Networks, the 18 th Iteratioal Parallel ad Distributed Priocessig Symposium (IPDPS 4), April 26 3, 24, Sata Fe, Nex Mexico, USA. [8] C. Karlof, N. Sastry, ad D. Wager, TiySec: A Lik Layer Security Architecture for Wireless Sesor Networks, ACM Sesys, November 24. [9] C. Karlof ad D. Wager, Secure Routig i Wireless Sesor Networks: Attacks ad Coutermeasures, Joural of Ad Hoc Networks, Elsevier, 23 [1] L. Lamport, R. Shostak, ad M. Pease, The Byzatie Geerals Problem, ACM Trasactios o Programmig Laguages ad Systems, Vol. 4, No. 3, July [11] Haiyu Luo, Petros Zerfos, Jieju Kog, Sogwu Lu, Lixia Zhag, Self-securig Ad Hoc Wireless Networks, IEEE ISCC (IEEE Symposium o Computers ad Commuicatios) 22, Italy. [12] J. Newsome, E. Shi, D. Sog, ad A. Perrig, The Sybil Attack i Sesor Networks: Aalysis ad Defese, Iteratioal Symposium o Iformatio Processig i Sesor Networks, Vol. 1(24). [13] B. Przydatek, D. Sog, ad A. Perrig, SIA: Secure Iformatio Aggregatio i Sesor Networks, Proceedigs of the 1st iteratioal coferece o SprigSim

8 Embedded etworked sesor systems, November 5-7, 23, Los Ageles, Califoria, USA. [14] S. D. Servetto, From small Sesor Networks to Sesor Networks, EmNets 26, May 26. [15] B. Su, K. Wu, ad U. Pooch, Secure Routig agaist Black-hole Attack i Mobile Ad Hoc Networks, i Proceedigs of Commuicatios ad Computer Networks, 22. [16] M. Tubaishat ad S. Madria., Sesor Networks: a Overview, IEEE Potetials, 22, 2, 2-23, April 23. [17] M.A.M. Vieira, D.C. da Silva Jr., C.N. Coelho Jr., ad J.M. da Mata., Survey o Wireless Sesor Network Devices, Emergig Techologies ad Factory Automatio (ETFA3), September 23. [18] W. Ye, F. Silva, ad J. Heidema, Ultra-Low Duty Cycle MAC with Scheduled Chael Pollig, i Proceedigs of the 4th ACM Coferece o Embedded Networked Sesor Systems (SeSys), Boulder, Colorado, USA, November, 26. [19] Y. Yu, B. Krishamachari, ad V.K. Prasaa, Eergy-Latecy Tradeoffs for Data Gatherig i Wireless Sesor Networks, IEEE Ifocom'4 [2] S. Zhao, K. Tepe, I. Seskar ad D. Raychaudhuri, Routig Protocols for Self-Orgaizig Hierarchical Ad-Hoc Wireless Networks, Proceedigs of the IEEE Saroff Symposium, Treto, NJ, March 23. [21] L. Zhou ad Z. Haas, Securig Ad Hoc Networks, IEEE Network Special Issue o Network Security, 13, 6, 24-3, November [22] S. Zhu, S. Setia, ad S. Jajodia, LEAP: Efficiet Security Mechaisms for Large-Scale Distributed Sesor Networks, CCS'3, October 23. BIOGRAPHY Idris M. Atakli received his M.S. degree i Electrical Egieerig from the State Uiversity of New York (SUNY), Bighamto i 27. He is curretly pursuig his Ph.D. degree i the Departmet of Electrical ad Computer Egieerig at SUNY - Bighamto. His research iterests iclude iformatio security, digital watermark applicatios, ad computer etwork systems. Mr. Atakli could be reached at iatakli1@bighamto.edu. Hogbig Hu received his B.E. i computer sciece from Jili Uiversity, Chagchu, Chia, ad B.E. i iformatio ad etwork sciece from Chiba Istitute of Techology, Narashio, Japa both i 21. He received his M.S. degree i iformatio sciece from Tohoku Uiversity, Sedai, Japa i 23. He is curretly pursuig his Ph.D. degree i the Departmet of Electrical ad Computer Egieerig at the SUNY - Bighamto. His research iterests iclude speech aalysis, patter recogitio, speech codig, ad etwork systems. Mr. Hu could be reached at hhu1@bighamto.edu. Yu Che received the MS ad PhD degree i Electrical Egieerig from the Uiversity of Souther Califoria (USC) i 22 ad 26, respectively. He is a assistat professor of electrical ad computer egieerig at SUNY - Bighamto. His research iterest icludes etwork security, Security ad privacy i distributed systems ad pervasive computig eviromets, Iteret ifrastructure security, ad recofigurable hardware based security solutios. He is a member of the ACM, the IEEE ad the SPIE. Dr. Che could be reached at yche@bighamto.edu. Wei-Shi Ku received the Ph.D. degree i computer sciece from the Uiversity of Souther Califoria (USC) i 27. He also obtaied both the M.S. degree i computer sciece ad the M.S. degree i Electrical Egieerig from USC i 23 ad 26 respectively. He is a assistat professor with the Departmet of computer sciece ad software egieerig at Aubur Uiversity. His research iterests iclude spatial ad temporal data maagemet, mobile data maagemet, geographic iformatio systems, ad security & privacy. He has published more tha 3 research papers i refereed iteratioal jourals ad coferece proceedigs. He is a member of the ACM ad the IEEE. Dr. Ku could be reached at weishi@aubur.edu. Zhou Su received Ph.D from Waseda Uiversity, Japa i 23. He also received the B.S ad M.S from Xi'a Jiaotog Uiversity, Chia, i 1997 ad 2 respectively. He is a Assistat Professor with Departmet of Computer Sciece at Waseda Uiversity. His research iterests iclude Network Traffic aalysis, Iteret Architecture, Cotets Delivery, Mobile Multimedia, P2P, Overlay Networks, ad ew applicatios o WWW. Dr. Su could be reached at zhousu@asagi.waseda.jp. 28 SprigSim