Towards a Formal Modelling, Analysis, and Verification of a Clone Node Attack Detection Scheme in the Internet of Things

A substantial component of the Internet of Things (IoT) network is made up of unmonitored IoT devices that are generally deployed in hostile situations where attackers attempt to capture and compromise them to gain control of the entire network. One such illustration of this malevolent behaviour on the part of an adversary is the cloning of IoT devices. In a clone node attack, an attacker attempted to physically capture the devices to gather sensitive information to conduct various insider attacks. Several solutions for detecting clone node attacks on IoT networks have been presented in the viewpoints above. These solutions are focused on specific system designs, processes, and feature sets and act as a high-level abstraction of underlying system architectures based on a few performance requirements. However, critical features like formal analysis, modelling, and verification are frequently overlooked in existing proposed solutions aimed at verifying the correctness and robustness of systems in order to ensure that no problematic scenarios or anomalies exist. This paper presents a formal analysis, modelling, and verification of our existing proposed clone node attack detection scheme in IoT. Firstly, we modelled the architectural components of the proposed scheme using HighLevel Petri Nets (HLPNs) and then mapped them using their specified functionalities. Secondly, we defined and analysed the behavioural properties of the proposed scheme using Z specification language. Furthermore, we used the Satisfiability Modulo Theories Library (SMT-Lib) and the Z3 Solver to validate and demonstrate the overall functionality of the proposed scheme. Finally, in addition to modelling and analysis, this work employs Coloured Petri Nets (CPNs), which combine Petri Nets with a high-level programming language, making them more suitable for large-scale system modelling. To perform the simulations in CPN, we used both timed and untimed models, where timed models are used to evaluate performance, and untimed models are used to validate logical validity.

[1]  Athanasios V. Vasilakos,et al.  Formal Verification of the xDAuth Protocol , 2016, IEEE Transactions on Information Forensics and Security.

[2]  Lars Michael Kristensen,et al.  Coloured Petri Nets - Modelling and Validation of Concurrent Systems , 2009 .

[3]  Nikolai Kosmatov,et al.  Formal Verification of a Memory Allocation Module of Contiki with Frama-C: A Case Study , 2016, CRiSIS.

[4]  Mahmut T. Kandemir,et al.  On the Detection of Clones in Sensor Networks Using Random Key Predistribution , 2007, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[5]  Samee Ullah Khan,et al.  Modeling and Analysis of State-of-the-art VM-based Cloud Management Platforms , 2013, IEEE Transactions on Cloud Computing.

[6]  Kim-Kwang Raymond Choo,et al.  A Cross Tenant Access Control (CTAC) Model for Cloud Computing: Formal Specification and Verification , 2017, IEEE Transactions on Information Forensics and Security.

[7]  Woo-Sik Bae Verifying a secure authentication protocol for IoT medical devices , 2017, Cluster Computing.

[8]  Wazir Zada Khan,et al.  A Systematic Review on Clone Node Detection in Static Wireless Sensor Networks , 2020, IEEE Access.

[9]  David Broman,et al.  A Toolkit for Construction of Authorization Service Infrastructure for the Internet of Things , 2017, 2017 IEEE/ACM Second International Conference on Internet-of-Things Design and Implementation (IoTDI).

[10]  Kurt Lautenbach,et al.  System Modelling with High-Level Petri Nets , 1981, Theor. Comput. Sci..

[11]  David L. Dill,et al.  A Decision Procedure for Bit-Vectors and Arrays , 2007, CAV.

[12]  Anas Abou El Kalam,et al.  FairAccess: a new Blockchain-based access control framework for the Internet of Things , 2016, Secur. Commun. Networks.

[13]  Roberto Bruttomesso,et al.  The OpenSMT Solver , 2010, TACAS.

[14]  Nicholas J. Dingle,et al.  PIPE2: a tool for the performance evaluation of generalised stochastic Petri Nets , 2009, PERV.

[15]  Tooska Dargahi,et al.  MDSClone: Multidimensional Scaling Aided Clone Detection in Internet of Things , 2018, IEEE Transactions on Information Forensics and Security.

[16]  Aduwati Sali,et al.  Node Replication Attacks in Mobile Wireless Sensor Network: A Survey , 2014, Int. J. Distributed Sens. Networks.

[17]  Valeriy Vyatkin,et al.  Towards formal verification for cyber-physically agnostic software: A case study , 2017, IECON 2017 - 43rd Annual Conference of the IEEE Industrial Electronics Society.

[18]  Albert Y. Zomaya,et al.  Modeling and Analysis of the Thermal Properties Exhibited by Cyberphysical Data Centers , 2017, IEEE Systems Journal.

[19]  Adrian Perrig,et al.  Distributed detection of node replication attacks in sensor networks , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[20]  Nasser-Eddine Rikli,et al.  Lightweight trust model for the detection of concealed malicious nodes in sparse wireless ad hoc networks , 2016, Int. J. Distributed Sens. Networks.

[21]  Longfei Wu,et al.  A Survey on Security and Privacy Issues in Internet-of-Things , 2017, IEEE Internet of Things Journal.

[22]  Sajal K. Das,et al.  Fast Detection of Replica Node Attacks in Mobile Sensor Networks Using Sequential Analysis , 2009, IEEE INFOCOM 2009.

[23]  Christopher L. Conway,et al.  Cvc4 , 2011, CAV.

[24]  Muhammad Bilal Amin,et al.  A formally verified blockchain-based decentralised authentication scheme for the internet of things , 2021, The Journal of Supercomputing.

[25]  Nadeem Javaid,et al.  Fog Computing Over IoT: A Secure Deployment and Formal Verification , 2017, IEEE Access.

[26]  Grzegorz Rozenberg,et al.  High-level Petri Nets: Theory And Application , 1991 .

[27]  Wil M. P. van der Aalst,et al.  Applications and Theory of Petri Nets , 1983, Informatik-Fachberichte.

[28]  Amjad Rehman,et al.  Data offloading in IoT environments: modeling, analysis, and verification , 2019, EURASIP J. Wirel. Commun. Netw..

[29]  Abid Khan,et al.  A Context-Aware Information-Based Clone Node Attack Detection Scheme in Internet of Things , 2021, J. Netw. Comput. Appl..

[30]  Asad Waqar Malik,et al.  CloudNetSim++: A GUI Based Framework for Modeling and Simulation of Data Centers in OMNeT++ , 2017, IEEE Transactions on Services Computing.

[31]  Manuel Díaz,et al.  State-of-the-art, challenges, and open issues in the integration of Internet of things and cloud computing , 2016, J. Netw. Comput. Appl..

[32]  Michael Westergaard,et al.  CPN Tools for Editing, Simulating, and Analysing Coloured Petri Nets , 2003, ICATPN.

[33]  Kurt Jensen,et al.  A Brief Introduction to Coloured Petri Nets , 1997, TACAS.

[34]  Armin Biere,et al.  Boolector: An Efficient SMT Solver for Bit-Vectors and Arrays , 2009, TACAS.

[35]  Aduwati Sali,et al.  Detecting sybil attacks in clustered wireless sensor networks based on energy trust system (ETS) , 2017, Comput. Commun..

[36]  Naixue Xiong,et al.  An Improved Mobility-Based Control Protocol for Tolerating Clone Failures in Wireless Sensor Networks , 2016, Sensors.

[37]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[38]  Benjamin Aziz,et al.  A formal model and analysis of an IoT protocol , 2016, Ad Hoc Networks.

[39]  Kurt Jensen Coloured Petri Nets , 1992, EATCS Monographs in Theoretical Computer Science.

[40]  Christel Baier,et al.  Principles of model checking , 2008 .

[41]  Mohsen Guizani,et al.  Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications , 2015, IEEE Communications Surveys & Tutorials.

[42]  Junliang Chen,et al.  Constructing scalable Internet of Things services based on their event‐driven models , 2015, Concurr. Comput. Pract. Exp..

[43]  K. Jensen Coloured Petri Nets and the Invariant-Method , 1983 .

[44]  Nikolaj Bjørner,et al.  Satisfiability Modulo Theories: An Appetizer , 2009, SBMF.

[45]  Tongquan Wei,et al.  Quantitative Analysis of Variation-Aware Internet of Things Designs Using Statistical Model Checking , 2016, 2016 IEEE International Conference on Software Quality, Reliability and Security (QRS).

[46]  L. D. Moura,et al.  The YICES SMT Solver , 2006 .

[47]  Shengli Liu,et al.  Single Hop Detection of Node Clone Attacks in Mobile Wireless Sensor Networks , 2012 .

[48]  Roberto Di Pietro,et al.  Clone wars: Distributed detection of clone attacks in mobile WSNs , 2014, J. Comput. Syst. Sci..

[49]  Fang Liu,et al.  Real-Time Detection of Clone Attacks in Wireless Sensor Networks , 2008, 2008 The 28th International Conference on Distributed Computing Systems.

[50]  Thiemo Voigt,et al.  SVELTE: Real-time intrusion detection in the Internet of Things , 2013, Ad Hoc Networks.

[51]  Sanjit A. Seshia,et al.  Beaver: Engineering an Efficient SMT Solver for Bit-Vector Arithmetic , 2009, CAV.

[52]  Divya Saxena,et al.  Design and Verification of an NDN-Based Safety-Critical Application: A Case Study With Smart Healthcare , 2019, IEEE Transactions on Systems, Man, and Cybernetics: Systems.

[53]  Jayanthi Paramasivam,et al.  A two-level authentication scheme for clone node detection in smart cities using Internet of things , 2020, Comput. Intell..

[54]  Mouzhi Ge,et al.  Proactive trust classification for detection of replication attacks in 6LoWPAN-based IoT , 2021, Internet Things.

[55]  Mansoor Ahmed,et al.  Towards a formally verified zero watermarking scheme for data integrity in the Internet of Things based-wireless sensor networks , 2017, Future Gener. Comput. Syst..

[56]  B. B. Zaidan,et al.  A review of smart home applications based on Internet of Things , 2017, J. Netw. Comput. Appl..

[57]  Kurt Jensen,et al.  Coloured Petri Nets and the Invariant-Method , 1981, Theor. Comput. Sci..

[58]  Alberto Griggio,et al.  The MathSAT5 SMT Solver , 2013, TACAS.

[59]  Chun-Shien Lu,et al.  Localized Algorithms for Detection of Node Replication Attacks in Mobile Sensor Networks , 2013, IEEE Transactions on Information Forensics and Security.

[60]  Kurt Jensen High-Level Petri Nets , 1982, European Workshop on Applications and Theory of Petri Nets.

[61]  Thomas F. La Porta,et al.  SET: Detecting node clones in sensor networks , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[62]  Giancarlo Fortino,et al.  Evaluating Critical Security Issues of the IoT World: Present and Future Challenges , 2018, IEEE Internet of Things Journal.

[63]  Kun-Hee Han,et al.  Proposing and verifying a security-enhanced protocol for IoT-based communication for medical devices , 2016, Cluster Computing.

[64]  Sheetal Kalra,et al.  Secure multi‐factor remote user authentication scheme for Internet of Things environments , 2017, Int. J. Commun. Syst..

[65]  R Saravanan,et al.  Preventing clone attacks using dynamic cryptography in MANETs , 2018 .

[66]  Florian Kammüller,et al.  Formal Modeling and Analysis with Humans in Infrastructures for IoT Health Care Systems , 2017, HCI.

[67]  Meenakshi D'Souza,et al.  A Framework for Modeling and Verifying IoT Communication Protocols , 2017, SETTA.

[68]  B. Jaison,et al.  Protection on Wireless Sensor Network from Clone Attack using the SDN-Enabled Hybrid Clone Node Detection Mechanisms , 2020, Comput. Commun..