From Time Domain to Space Domain: Detecting Replica Attacks in Mobile Ad Hoc Networks

A common vulnerability of wireless networks, in particular, the mobile ad hoc network (MANET), is their susceptibility to node compromise/physical capture attacks since the wireless devices are often not protected by tamper-resistant hardware due to small form factors and low cost, and can be easily stolen/lost or temporarily controlled by unauthorized entities due to their harsh working environments. A serious consequence of the device capture attack is the node replication attacks in which adversaries deploy a large number of replicas of the compromised/captured nodes throughout the network. Replicated nodes have all legitimate security credentials and therefore can launch various insider attacks, or even take over the network easily. They are indeed "attack multipliers" and therefore are extremely destructive to the network. Detecting replication attacks is a nontrivial problem in MANETs due to the challenges resulted from node mobility, cloned/compromised node collusion, and the large number and wide spread of the replicas. Existing approaches either fail in mobile environments due to the limitations caused by local views or their dependence on invariant claims such as location and neighbor list, or are constrained by the number, distribution, and colluding activities of the replicas. In this paper, we propose two replication detection schemes (TDD and SDD) to tackle all these challenges from both the time domain and the space domain. Our theoretical analysis indicates that TDD and SDD provide high detection accuracy and excellent resilience against smart and colluding replicas, have no restriction on the number and distribution of replicas, and incur low communication/computation overhead. To our best knowledge, TDD and SDD are the only approaches that support mobile networks while place no restrictions on the number and distribution of the cloned frauds and on whether the replicas collude or not.