Abstract to disrupt the network, these nodes are deployed



Wireless sensor networks are used in various applications. Wireless sensor
networks(WSN) refers to spatially distributed sensors, which can be used to
monitor the environment and collect the data and can be sent to main locations.
The sensors can monitor sound, temperature, pressure etc. The various
applications of Wireless sensor include military applications like  battlefield surveillance, area monitoring,
healthcare monitoring, environment and industrial monitoring. These sensor
nodes are vulnerable to some of the security attacks. The most dangerous
attacks among them Node replication attack. In this attack, the adversary
creates its own sensor nodes. In order to disrupt the network, these nodes are
deployed at various locations in the network. The adversary node captures the
legitimate node and copies all the credential information from the node and
creates many replicated nodes and deploys them in the network. Detection and
prevention of these attacks is tedious and many research works have been
carried out. In this article, we provide information about various detection
schemes and also the limitations of them by comparing them with each other. We
also provide some suggestions for future research use.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

             Keywords: Node Replication attacks,
Clone node Identification, Replicated nodes.


            Recently, the technological
innovations have led to the development of Wireless sensor network which is
built up of distributed autonomous sensor nodes. These sensor nodes also called
are capable of sensing the environmental conditions and collect data. Sensor
nodes are battery driven. They consist of microcontroller, transceiver,
external memory, These wireless sensor networks have various applications in
temperature monitoring, climate sensing, military war field, health care
monitoring16.  The various attacks that
cause threaten to sensor nodes are Sybil attack, Black hole attack, Sinkhole
attack, Node replication attack etc. In this article, we are going to discuss
about most vulnerable attack, that is Node replication attack.


There are two types of WSN namely Static
wireless sensor network(SWSN) and Mobile wireless sensor network(MWSN). In
SWSN, the position of the sensor nodes are fixed at the time of deployment and
does not change and they use fixed routing. In MWSN the sensor nodes move
freely after deployment in the network and use dynamic routing.


in WSN


Generally the attacks are classified into Layer dependent attacks and Layer
Independent attacks6.


Dependent Attacks are application dependent and these
attacks use specific functionalities of OSI. The various types of layer
dependent attacks are:

Routing attack

Data Integration attack

Localization attack

Time synchronization attack

Independent attacks are application independent. The various
types of layer independent attacks are:

Node Replication attack

Sybil attack

attack versus Active attack

 In Passive attack, the
information is captured without affecting the network. In Active attack, the
attacker causes various damages to network.

Hole Attack

   Black hole attack
consists of various malicious nodes that advertise their route as the optimized
shortest path to specific destination and gather all network traffic and also
drop all packets. As a result, there is a loss in critical information in the


Attack(Network Layer)

    In Sybil attack, a node assumes itself as
another node and thus causes several replicas in the network. This attack
degrades the security, data integrity, and also the resource utilization. This
results in data loss which is a great threat to the network.


Link Layer)

   In this attack, the jammer
interfere with the transmission and reception of wireless communications.
Jamming is a kind of Denial of Service attack. The nodes prevent other nodes
from communicating to the channel by occupying itself.

                (4)Worm Hole Attack (Network Layer)

attack can be easily launched without the prior knowledge about the network.
`The attacking node fakes the route that is shorter than the original and thus
confusing the routing mechanisms in the network. The attacking node captures
the packet and transmits to other nodes which distributes them locally.

               (5) Hello Flood Attack

                             In this type of
attack, the attacker node broadcasts hello message to the networks and it acts
as a fake destination.

          (6) Node replication Attack

this attack, the attacker captures a legitimate node and creates multiple clone
nodes with the same ID and information.

These replicated nodes
acts like original node and tries to get all the credential information from
the network.

Thus, this attacks threat
to the security of the data.

Security Methods to Wireless Sensor Networks





Random Key

Sybil Attack


Multi-base station

Hello Flood Attack


Eschenauer and Gligor

Data and Information Spoofing



Black Hole Attacks


Replication Attacks in WSN

node replication attack, the adversary initially captures a legitimate node and
then copies all the information including all cryptographic information from
the captured node. Then it creates many replicas with the same ID to act as
legitimate nodes, then deploys at different locations in the network in order
to disrupt the network.

Replication attack

Steps in node replication attack.

v  Initially,
the sensor nodes are deployed in the network.

v  After
deployment, the adversary tries to capture one legitimate node in the network.

v  The
attacker nodes extracts all the confidential and cryptographic information from
the captured node and creates replicas of the captured node.

v  These
clone modes with same ID as captured node are deployed in the network at
various locations in order to disrupt the network services.

The attacker node tries
to get the over the node deployed in the network through any activity and this
is said to be Node Compromise. After
getting the control it tries to insert false data, then listens to the network
traffic further causing the various attacks like Dos Attack, Black hole attack
etc. Now the compromised node is connected to the network and all the
information is extracted by the attacker.

                                     Node Replication Attack

Clone Node/Replicated Node

node is a node that contains all information of legitimate node and acts like
legitimate node of the network. But, the main purpose of the clone node is to
disrupt the network services and it is responsible for the malicious activities
in the network.

3  Metrics for evaluating Node Replication
Detection Schemes

various parameters involved in evaluating the performance are

Storage overhead,
communication overhead, cost, data security, energy conservation, Qos, Power
consumption, packet loss etc.

overhead – Number of location claims stored by the
sensor nodes.


overhead – average of number of messages sent by the
sensor nodes in order to verify the location claims.


 Cost – Defined as the amount of
cost spent to deliver the data fron source to destination.


Efficient – Minimum amount of energy required by the
node to send the data to the destination.


loss – The number of packets lost while transmitting from
source to destination which mostly occurs due to the network congestion.

4 Classification of SWSN Node
Replication Attack Detection Schemes






The network based schemes are classified into divided
into two types namely,



They are further classified into Distributed and Centralized

Local Voting Scheme

This scheme1 was
proposed by Chan H to identify the clone nodes. In this method, the neighbour
nodes are allowed to cast their public votes against the other nodes that
misbehave. So if a nodes public vote exceeds more than the threshold value,
then the communication between that node and other nodes are stopped.



Limited only to less number of nodes.

Fails to detect replicas within the

Accuracy is also a challenging task

Random Key Pre-Distribution Scheme

   In this scheme2 R Geetha stated that each
node initially maintains a subset of random keys from a pool of keys which is
used for the authentication purpose. If two nodes maintain a same key, then
they both establish a secure communication link between them3. But, if
suppose that same key is used repeatedly then that node is considered as thje
Clone node.


Time consuming

Storage overhead because each and every
node maintains list of keys.

4.3 q-Composite Key Pre-Distribution scheme

In this scheme1, if two
nodes wants to communicate then they must share q keys, then exclusive-or(XOR)
is performed to compute the new key value which can be used for future
communication. Dr Faizal has stated that this is a method to maintain secrecy
of the network.


Varying computation time due to key size.

Centralized Base Station Scheme

     As the name suggests, all nodes have to
node to send the list of neighbour nodes to the base station, which checks
whether any replication exists. If it exists, it tries to get back the node by
flooding the revocation messages2.


Suffers from single point failure.

Node to Network Broadcast Scheme(N2NB)

       This method uses the
simple broadcast mechanism2. Every node that is present within the network
sends authenticated broadcast messages along with their location information
that is stored by their neighbours and if any problem occurs then revocation
procedures are called.


Communication cost is high.

Adversary can jam the key locations or in
the communication path.

Deterministic Multicast (DM)

     The main purpose of Deterministic
Multicast protocol is to improve the communication cost incurred by the
Node-to-Network broadcast protocol. This protocol sends it location claim only
to selected witness nodes5. Whenever
there is a need for a node to establish a link, it broadcasts its location
claim to its neighbour node that is again forwarded to group of nodes. Now, the
witness tries to find nodes of same ID in different location that is replicated


Limited number of witness nodes makes easy
to adversary to create more number of nodes.

Increased communication cost as the number
of witness nodes increases.

Multicast (LM)

     This protocol was proposed by Zhu10&11
to find the replication attacks. This protocol uses different approach in
selecting witness nodes. They are selected from a particular geographical
region. There are two types of LM namely Single Deterministic Cell(SDC) and
Parallel Multiple Probabilistic Cell(P-MPC).


Failure occurs if nodes fail to send their
location claim to neighbour  nodes

Failure occurs if nodes fail to store the
location claim in their memory.


Deployment Scheme


Jun-Won Ho proposed a scheme8 & 9
with a assumption that all the nodes are deployed in group with respect to
predetermined deployment point. The scheme allows nodes to communicate only
with their group members. By this group knowledge, replication attack can be
avoided. This scheme defines two types of nodes namely, trusted nodes and
un-trusted nodes. The nodes that are close to group deployment point are called
trusted nodes and the nodes that are far away from deployment point are called
un-trusted nodes. The messages from trusted nodes are only accepted whereas
other messages are ignored. This scheme reduces the overhead caused by
communication and storage.



There is a possibility of having the
honest nodes far away from deployment point.

Efficient and Distributed Protocol (RED)


  This protocol was
proposed by Maura Conti to detect the replicas present in the network. This
protocol allows continuous iterations to find and remove the replicas18. This
protocol performs continuous iterations for identifying the clone nodes present
in the network which gives high detection rate. This is similar to the Random
Multicast (RM). This differs in way of selecting the witness node7. This RED
protocol involves two steps. In first step, a leader is selected to broadcast
the random value that is selected to all the nodes. In the second step, node
digitally signs the location claim with its own private key. It also broadcasts
its location. Whenever the neighbour node receives the claim, it forwards to
the pseudo randomly selected witness nodes. When the message is received by the
destination, it verifies whether it is original message. After verification,
witness node extracts the details and checks for the clone nodes.


Slightly lower detection rate than the

Skew Based Identification

this method13, clock skew is used to identify the replicated attack. Every
node in the network has its own clock skew value. Clock skew value is different
for each  nodes. Variation between clock
skew is calculated and the threshold value is set. Whenever a new  incoming 
packet  is arrived, its clock skew
value and threshold value  is compared
and if the value has much difference than threshold value then the node
replication attack identification function is done.


The adversary can try to change the clock
skew by faking the timestamps and can generate another identity.


Hello Message Broadcast


In this method14, the node that wants to
have link establishment broadcasts HELLO message with its ID along with its
generation ID. The node that receives that message first verifies whether it
belongs to same generation. If yes, then it checks the timer(time to establish
link). If timer is expired then it discards else the link is established
between them. Then in the second case, if the requesting node belongs to the
immediate next generation it sends its Id to neighbour nodes to check the ID’s
presence in their routing table. If present then it responding nodes sends OK
message. The newly deployed node rejects the OK messages that are received same
node ID. After that, if the count is greater or equal to two is accepted as
legitimate node. The request from the non-immediate generation is discarded.



As this protocol allows only link
establishment between same and next immediate generation many legitimate nodes
were unable to establish link between non-immediate generation nodes.



In this protocol12 the neighbour node’s Id of the
newly inserted node is encoded and compressed using bloom filters and it is
used as a proof to identify the clone node. The bloom filter outputs are
compared. The validity is found by verifying the bloom filter outputs of the
same node ID.  RDB-R consists of three
stages namely proof generation, proof delivery and proof validation.



Local voting Scheme

Limited number of nodes
and accuracy

Random Key Pre-Distribution

Storage overhead

q-Composite Key
Pre-Distribution scheme

Varying  computation time

Centralized Base
Station Scheme

Single Point failure

Node to Network
Broadcast Scheme(N2NB)

High cost

Deterministic Multicast

Communication cost
increases as witness nodes increase

Localized Multicast

Fails if node doesn’t
store location claim to it memory and if it is not forwarded to neighbour

Group deployment scheme

Honest nodes may be
considered as un-trusted nodes due to the distance from deployment point

Clock Skew Based

Clock skews can be
changed by adversary

Hello message broadcast

No link establishment
between non –immediate generation nodes.



In this paper we have
discussed about the attacks possible on the wireless sensor network. Mainly
about the Node Replication attacks. We have also seen about the various
approaches and methods like local voting scheme, deterministic multicast,
localized multicast, RED  that were used
to avoid or recover from replicated attacks. Still there are lot of challenges
in node replication attack so further work has to be done to come out with good
method that helps to fully recover from node replication attack


Chan ,Adrian Perrig and Dawn Song, Random Key Predistrbution
Sceheme Key for sensor Networks, Carnegie
Mellon University, (2003).

2Bryan Parno, Adrian
Perrig and Virgil Gligor, Distributed
Detection of Node Replication Attacks in Sensor Networks, in Proceedings of the IEEE Symposium on
Security and Privacy (IEES and P’05), pp.49-63, (2005).


Brooks,P. Y. Govindaraju, Matthew Pirretti, N. Vijaykrishnan, Mahmut T.
Kandemir, On the Detection of Clones in Sensor Networks Using Random Key
Predistribution, IEEE Transactions on
Systems, Man, and Cybernetics—Part C: Applications and Reviews, Vol. 37, No. 6,

4Bo Zhu, et.al, Efficient
Distributed Detection of Node Replication Attacks in Sensor Networks, A Research article, Concordia University, (2007).

H.Choi, S.Zhu,T.F.L.Porta, SET:Detecting node clones in sensor networks, in Proceedings of the 3rd International
Conference on Security and Privacy in Communication Networks ,  pp. 341–350, (2007).

6Yun Zhou and Yuguang Fang, Yanchao Zhang, Securing
Wireless Sensor Networks: A Survey, in  IEEE Communication Surveys, 3rd
Quarter 2008, Volume 10, No.3, (2008).

7K. Xing, F. Liu, X. Cheng, D. H.C. Du, Real-time detection of clone attacks in wireless sensor networks, in Proceedings of the 28th International Conference on Distributed
Computing Systems (ICDCS), (2008).

8L. Yu and J. Li, Grouping based resilient
statistical en-route filtering for sensor networks, in the proceedings of the IEEE
INFOCOM, (2009).

9J.W.Ho, D. Liu, M. Wright, and
S. K. Das, Distributed detection of replica node attacks with group deployment
knowledge in wireless sensor networks, Ad Hoc Networks, vol. 7, no. 8, pp. 1476–1488, 2009.

10X. Meng,
K. Lin, and K. Li, Node based randomized and distributed protocol for detecting
node replication attack, in Algorithms and Architectures for Parallel Processing,
vol. 6081 of Lecture Notes in Computer
Science, pp. 559–570, (2010).

11T.Bonaci, P.Lee,L.Bushnell, Distributed Clone detection in wireless sensor networks: an optimization
approach, in Proceedings of the 2nd IEEE
International Workshop on Data Security and Privacy in Wireless Networks, (2011).

12Kwantae Cho, Byung-Gil
Lee, and Dong Hoon Lee, Low-Priced and Energy-Efficient Detection of Replicas
for Wireless Sensor Networks, IEEE
Transactions, vol 11, No.5, (2014).

13Ding-Jie Hung, Wei-Chung,
Chih-Yuan Wang, Huang, and Joseph M. Heellerstein, Clock Skew Based Node
Identification in Wireless Sensor Networks,
National Taiwan University of Science and Technology, (2008).

14Moirangthem Marjit Singh,
Ankita Singh and Jyotsana Kumar Mondal, Preventing  Node Replication Attack in Static Wireless
Sensor Networks, Kalyani University,

15Sachin Umarao, Deeksha
Verma, Arun Kumar Tripathi, Detection and Mitigation  of Node Replication with Pulse Delay Attacks
in Wireless Sensor Network, IEEE
Transactions, (2013).

16C. Karlof
and D. Wagner, Secure routing in wireless sensor networks: attacks and
countermeasures, in Proceedings of the 1st IEEE
International Workshop on Sensor Network Protocols and Applications, (2003).

 17Bhagyashree  Shimpi and Ms. Sameeksha shrivastava, A
Modified Algorithm and Protocol for Replication Attack and Prevention for
Wireless Sensor Networks, in proceedings
of the IEEE Transactions, (2016).

18P. Abinaya  and C. Geetha, Dynamic Detection of Node
Replication Attacks using X-RED in Wireless Sensor Networks, in proceedings of the IEEE Transactions,

19Sudipto Roy and Manisha J
Nene, Prevention of Node Replication in Wireless Sensor Network using Received
Signal Strength indicator , Link Quality Indicator and Packet Sequence Number, in proceedings of the International
Conference on Green Engineering and Technology(IC-GET), (2016).

20Roberto Di Pietro, Luigi V. Mancini, Claudio
Soriente, Angelo Spognardi, and Gene Tsudik, Data Security in Unattended
Wireless Sensor Networks,IEEE
TRANSACTIONS on COMPUTERS, Vol. 58, No. 11, (2009).