Node Replication Attacks in Wireless Sensor Networks: Bypassing the Neighbor-Based Detection Scheme

We consider the node replication attack, which is an application-independent attack unique to wireless sensor networks. The attack makes it possible for an adversary to prepare her own low-cost sensor nodes and induce the network to accept them as legitimate ones. To do so, the adversary only needs to physically capture one node, reveal its secret credentials, replicate the node in large quantity, and deploy these malicious nodes back into the network so as to subvert the network with little effort. Recently, Ko et al. proposed a neighbor-based detection scheme to cope with replication attacks. The scheme features distributed detection and takes node mobility into account. It harnesses the dynamic observations of the neighbors of a claimer node and avoids the protocol iterations typically found in distributed detections. Unfortunately, we show that their proposal is subject to various replication attacks that can circumvent the detection. Moreover, it is even possible for a sophisticated adversary to exploit the protocol to revoke legitimate nodes.