Abstract

Node compromise is a serious security threat that hinders the successful deployment of large-scale wireless sensor networks. A node compromise often consists of three stages: physically obtaining and compromising the sensors, redeploying the compromised sensors, and compromised nodes launching attacks after their rejoining the network. By far, all the proposed compromise detection schemes address this problem at the third stage. In this paper, we make the first attempt to detect node compromise at the second stage. Our motivation is that for some applications an attacker may not be able to precisely deploy the compromised sensors back into their original positions. Thus, the detection of location change will become an indication of a potential node compromise. We name this node redeployment detection problem. We propose two approaches to detect node redeployment, based on the change of node neighborship and the change of measured distances between nodes, respectively. Our simulation study shows that both schemes can detect node redeployment effectively (with low false positive rate and high detection rate).