Feedback: Towards Dynamic Behavior and Secure Routing for Wireless Sensor

Networks

Zhen Cao, Jianbin Hu, Zhong Chen, Maoxing Xu, Xia Zhou
School of Electronics Engineering and Computer Science, Peking University
Network and Information Security Laboratory
Beijing, China
{ caozhen, hjbin, chen, xumx, zhouxia }@infosec.pku.edu.cn

Abstract monitoring and frontier monitoring, security and intrusion

Wireless sensor networks, due to their potentially wide
application perspectives, may proliferate in future. Two ma-
jor stumbling blocks are the dynamic variance of network
topology caused by the energy constraint of sensor nodes
and uncertainties of wireless links, and the security rout-
ing in this severe security environment. Therefore adapt-
able and defendable routing mechanism is in urgent need
for the deployment of these networks. In this paper, we pro-
pose FBSR, a novel feedback based secure routing proto-
col. Feedback, from both the nearby neighbors and base
stations, serves as the dynamic information of the current
network, with which sensor nodes make forwarding deci-
sion in a secure and energy aware manner. We present both
mathematical analysis and simulation results to show the
efficiency of FBSR.
1. Introduction
Wireless sensor networks, which combines data sens-
ing, wireless communicating, information processing, and
distributed computing, has becoming more and more pop-
ular in recent years. Two problems may be most com-
pelling in wireless sensor networks; they involve the dy-
namic changes in topology and secure routing respectively.
These problems can be attributed to the strict constraint of
sensor nodes’ energy and the frequently variance of wireless
channels qualities, which make the nodes susceptible to en-
ergy failures and links prone to external interference, hence
gives rise to dynamic variance of the network. At the same
time, nodes limited resource also make wireless sensor net-
works vulnerable to both inside and outside attacks under
severe security environment arising from the broadcast na-
ture of the wireless channel and lack of physical security.
Whereas in certain specific applications such as battlefield
tolerance are especially important. Therefore, it is desirable
to take these questions into account for designing a both
adaptable and secure routing protocol performed well in the
context discussed above.
With this in mind, in this paper, we introduce a novel
routing scheme called Feedback Based Secure Routing pro-
tocol (FBSR) for wireless sensor networks. Through uti-
lizing feedback information from neighbor nodes to rep-
resent current states of them, FBSR consists of local in-
dependent forwarding decisions based on current feedback
information and prediction of future conditions. Hence in
other words, highly dynamic changes of network topology
will not apparently compromise FBSR ’s performance since
feedback information makes it more adaptable to the vari-
ance of network topology. Furthermore, as it is usually the
case that base station owns powerful capacity because of the
rechargeable energy supply, its capacity can be exploited to
do heavy statistic computations and analysis in order to de-
tect malicious nodes. In this way, FBSR achieves the se-
cure routing objective without imposing any extra energy
consumption on normal nodes.
1.1. Design Objectives
The design objectives of FBSR includes:
1= Dynamic behavior. Our intuition comes from the us-
age of ’dynamic information’ about the sensor networks. In-
stead of routing packets in an ’ad-hoc’ manner, each sensor
node in FBSR chooses the next hop based on the feedback
of their neighbors. The feedback information coming from
nearby neighbors is an evaluation of the current computing
capacity. Because the computing capacity of each node will
change with times, the feedback message constructed this
way can reflect the current status of this node. This feed-
back information can be included in the acknowledgement
frame without any usage of extra message for the consider-
ation of avoiding network congestion

Proceedings of the 20th International Conference on Advanced Information Networking and Applications (AINA’06)
1550-445X/06 $20.00 © 2006 IEEE
 2= Secure routing. Because the sensor nodes have lim-
ited computation and storage capacity for cryptography al-
gorithms, the best tradeoff can be made by providing secu-
rity on the network layer with the routing protocol. On the
assumption that the base station have enough energy supply
and high enough radio power, we can utilize the feedback
from the base station to identify the malicious nodes. The
base station can recognize malicious nodes from the trace
of each route, and periodically broadcast feedback message
containing the intruder IDs, so that normal nodes can ef-
fectively avoid the spoofed, altered and replaying routing
information from these nodes.
3= Energy efficient. FSBR uses energy aware and geo-
graphically informed neighbor evaluation heuristics to feed-
back the current status of neighbors. The neighbor evalua-
tion function is a combination of energy and distance met-
rics. But we argue that energy aware neighbor selection is
necessary only when the consumed energy exceeds a cer-
tain level. So a threshold evaluation function is utilized to
evaluate the energy level. When the consumed energy is
below a threshold, the energy level stays static, otherwise it
linearly slips down.
1.2. Related Work
Some routing protocols [1] [2] [3] utilize the idea of
feedback to help make routing decisions. FBR [1] is a
feedback based routing protocol, in which a router moni-
tors packet traffics on its routes and use this as feedback
to determine the usability of the routes, so as to be resis-
tant to attacks and byzantine failures. But FBR is proposed
for the Internet, hence not applicable for sensor networks.
ALARM [2] is an adaptive routing protocol for Mobile Ad-
hoc Networks, which uses link duration as the mobility
feedback metrics to determine the appropriate forwarding
method. Since nodes are relatively static in wireless sensor
networks compared with MANET, this method does not fit
for our objectives. SPEED [3] uses local feedback control to
guarantee per-hop delay, so as to meet the real-time require-
ment of sensor networks. However, FBSR aims to be adapt-
able to the dynamic variance of sensor networks. Feedback,
included in the MAC layer ack frame, is the representative
of both the node capacity and the quality of wireless link,
and also incurs non extra beacon exchanges.
Some secure routing protocols [4] [5] based on symmet-
ric key cryptography have been proposed for ad-hoc net-
works. Because they are too expensive in terms of node
state and packet overhead, they are not suitable for sensor
networks. Many protocols [6] [7] exploit the potential ca-
pacity of base station to achieve security goals. SPINS [6]
introduces two low-level secure building blocks, SNEP and
W HVOD. INSENS [7] employs the one-way authenti-
cation mechanism to authenticate any information sent by
Proceedings of the 20th International Conference on Advanced Information Networking and Applications (AINA’06)
1550-445X/06 $20.00 © 2006 IEEE
the base station. Karlof et al. [8] gives the first analysis
of secure routing in sensor networks, and introduce two
classes of novel attacks against sensor networks, sinkhole
and HELLO flood. In FBSR, base station is responsible for
the detection of sinkhole and wormhole attacks, and nor-
mal nodes can avoid these adversaries in routing with base
station feedback.
2. FBSR: Feedback based secure routing
In this section, we describe the details of FBSR. Once
transmitting a packet, the sender prioritizes its neighbors
with an evaluation function and places this neighbor list in
the packet header. Neighbors, on receiving the packet, will
includes its feedback in the ack frame and acknowledges the
sender, and in the meantime makes independent decision of
whether to forward the packet. Feedback from base sta-
tion contains the malicious nodes detected by the BS, with
which sensor nodes can avoid the adversaries in routing.
2.1. Neighbor evaluation and prioritizing
In order to bring the packet closer to the destination in an
energy efficient way, the sender will prioritize its neighbors
according to their last time feedback and put this prioritized
neighbor list in the routing packet header (During the first
round when feedback is not available, neighbors are priori-
tized by their distance to the destination). Then the sender
transmits the packet, deferring the decision of which node to
forward until the process of MAC layer contention, which
will be discussed in the next subsection.
Feedback computing is distributed at the receiver side
with an evaluation function. The evaluation function is a
combination of the node’s current energy status and its dis-
tance to the destination. Energy level is used as the metric
to evaluate the energy status of the sensor nodes. When
the consumed energy is less than the threshold, the energy
level stays at 1.0, and when it exceeds the threshold, the en-
ergy level linearly slips down until zero. Figure 1 shows
the curve of the energy level evaluation function, where
both consumed energy and threshold is denoted by the per-
centage by the initial energy on the nodes. FBSR uses
this threshold mechanism different from Different from
GEAR [9] because we believe that when the energy prob-
lem is not severe, excessive consideration of the energy will
definitely lead to the choice of a longer route and thus con-
sume more energy of the whole network. And our feed-
back evaluation function is: i (hqhuj| ohyho> glvwdqfh) =
hqhuj| ohyho × (G  G0 ), where G and G0 are the dis-
tance from source and from this node to the destination
respectively. The bigger the evaluation value, the higher
priority the neighbor node represents. Only when the con-
sumed energy exceeds the threshold does the evaluation
 Energy Level
1.0
0
threshold 100% Consumed Energy(%)
Figure 1. Energy level evaluation
function become relevant to both energy and distance met-
rics. And when the consumed energy is below the threshold,
i() = G  G0 , which means that the evaluation function
represents how much this neighbor geographically brings
the packet closer to the destination.
2.2. MAC Layer decision and feedback
FBSR integrates routing layer and MAC layer so that
the decision of which neighbor will forward the packet is
decided by the MAC layer. FBSR employs the distributed
slotted MAC protocol similar to ExOR [10]. During trans-
mission, the sender reserves multiple slots of time for the
MAC layer contention. Neighbors, on the other hand, delay
an amount of time determined by their priority in the neigh-
bor list before sending back ACK, so that the higher rank a
neighbor is placed in the neighbor list, the higher probabil-
ity it will be the next hop (to be proved). The acknowledge-
ment from the MAC layer carries a feedback field as well
as the ID of the sender of the highest priority ACK heard so
far. When the slotted acknowledgement window has passed,
each neighbor makes a local decision on whether to forward
the packet. Anyone who has not heard any ACK of higher
priority neighbors will forward the packet. In the meantime
of MAC layer contention, the sender should keep track of
the feedback value carried in the ACK frame, so that it can
detect and cache the current status of its neighbors. The
sender will re-prioritize the neighbor list based on the feed-
back value, and to avoid heavy computation overhead, the
prioritization will be done with a time slot.
We will show how dynamic behavior is achieved with
MAC layer feedback. We illustrate this with the topology
shown in Figure 2. Suppose source node S is sending pack-
ets for node D (destination), and node A, B, and C are its
neighbors. In the beginning, the neighbor list is prioritized
as A, B, and C. But after a while, when node A is engaged
in communication with node X, it will not respond to the
invitation of forwarding packets from node S, and no feed-
back is sent back to S. Not hearing the acknowledgement of
neighbor A, node S partially knows that A is currently not
Proceedings of the 20th International Conference on Advanced Information Networking and Applications (AINA’06)
1550-445X/06 $20.00 © 2006 IEEE
B
S A X D
C
Figure 2. Feedback: towards dynamic behav-
ior
available and regards its feedback is NULL (0), then after
the next prioritization, node A is at the end of the neighbor
list with the least probability of being the next hop. From
the principle of time localization, FBSR can always find the
next hop with a currently good channel in this way. And
after the prioritizing timeout, if node A recovers from com-
municating with node X, it can find its proper place in the
neighbor list again. When node A consumes most of its en-
ergy some time later, certain node will replace it on the top
of the neighbor list, then the network traffic will be directed
to the other node, hence balancing the energy consumption
network wide.
2.3. Base station feedback
Because the base station is always placed on the moni-
toring side with physical attendance, we can assume that it
is equipped with a special sensor node which has recharge-
able energy supply and high enough radio power. FBSR
employs base station feedback to achieve secure routing in
this kind of asymmetric sensor networks.
Here we give a simple but useful method for the base
station to detect malicious nodes. The routing packet header
contains a route trace that includes the node ids along the
way. When a node receives a packet, it adds the id of the
node on the previous hop to the route trace. In this way,
FBSR prevents the malicious nodes avoid putting their ids
in the routing trace. With the route trace information, base
station can detect the potential malicious nodes and then
broadcast in the networks so that normal nodes can avoid
these nodes in future.
Base station is responsible for keeping track of the rout-
ing trace information, recording the statistic information of
the sensor nodes and the links between them. Our method
aims at detecting malicious network traffic caused by two
kinds of attacks: sinkhole attack and wormhole attack which
are illustrated in [8]. In sinkhole attacks, compromised
nodes lure nearly all the traffics from a particular region,
therefore the emergence frequency of these nodes will be
exceptionally high in the route trace. Wormhole attacks
commonly involve two nodes colluding to lure network traf-
 fics, hence resulting in the high occurrence of the link be-
tween the two nodes in the route trace.
Alg 1 : Malicious Nodes Detecting
1: for all UWl M UW V do
2: for all qlg M UWl do
3: Q V[lg] U QV[lg] + 1
4: OV[lg> lg + 1] U OV[lg> lg + 1] + 1
Q V[qlg ]
5: if P Q V[l] A wkuhvkrog1 then
l?q
6: authenticated broadcast(qlg )
OV[ql >qm ]
7: if P OV[l>m] A wkuhvkrog2 then
l>m?q
8: authenticated broadcast(ql > qm )
Algorithm 1 depicts the pseudo code of malicious nodes
detection, where UW V represents the set of routing trace
that base station has received, UWl denotes a sequence of
nodes in the routing trace, that is UWl = (ql1 > ql2 > = = =),
and QV[l] keeps track of the statistical information of node
ql , while OV[m> n] records the statistical information of link
ql ' qm . After some statistics of the route trace informa-
tion(lines 1–4), both the node and link emergence statistics
are figured out. If a node’s emergence frequency exceeds
a certain wkuhvkrog1 , it may be the malicious node launch-
ing the sinkhole attack. If the emergence frequency of some
links exceed wkuhvkrog2 , they have high possibility of be-
ing the colluding adversaries carrying out the wormhole at-
tack. On the assumption that base station have enough en-
ergy supply and is deployed a high power radio, base station
can broadcast the malicious nodes ID network wide(lines 5–
8). We can employ the authenticate broadcast scheme called
W HVOD proposed in [6]. Because the base station feed-
back can reach every node in one hop, the feedback message
with On Way Sequence number in can successfully survive
the rushing attack [11].
3. Performance evaluation
3.1. Approximate Analysis
First we give an approximate analysis of the probability
of successful transmission, and prove that with our mecha-
nism higher rank neighbors have higher possibility of being
the next hop. The result also shows that FBSR can tolerate
node failures and guarantees a high probability of success-
ful transmission.
For simplicity, we assume that the loss rates of both data
packet and acknowledgement of all the node pairs are iden-
tical. Suppose n denotes the size of neighbor list, sg denotes
the data packet loss rate, sd denotes the acknowledgement
frame loss rate. S (Il ) denotes the probability of neighbor
ranked the ith forwarding the packet. From some statistical
Proceedings of the 20th International Conference on Advanced Information Networking and Applications (AINA’06)
1550-445X/06 $20.00 © 2006 IEEE
D
C
B
S A
Figure 3. Simulation topology
algebra, we can easily obtain:
S (Il ) = (1  sg ) × (sd  sd sl1
g + sl1
g ) (1)
From (1) we know that S (Il )  S (Im ) = (1  sg )(1 
sd )(slg  smg ) A 0> wherel ? m This equation proves that
with our mechanism, higher rank neighbors have higher
possibility of being the next hop.
Suppose Si ruzdug and Si0 ruzdu denote the data suc-
cessful transmission probability in FBSR and other proto-
cols that choose only one neighbor forwarding, respectively.
Sn
Again from (1), we can get Si ruzdug = S ( l=1 (Il )) =
0
1  sg > Si ruzdug = 1  sg
n
That is Si ruzdug A Si0 ruzdug , which proves that FBSR
guarantees a higher probability of successfully transmission
than protocols that only choose one neighbor as forwarding
candidate.
3.2. Simulation results
We have already implemented FBSR on NS2 version
2.28 [12], a network simulator. Since FBSR integrates rout-
ing and MAC layer, some modifications of 802.11 are need-
ful to make MAC layer decision and feedback possible.
For our basic simulation network topology, we used a
regular q × q grid s with q2 sensor nodes. The communica-
tion radius is set to 2, allowing the nearest eight neighbors
to be reached. The base station is placed at the right top, and
the sensing area is the four nodes at the left bottom. Figure 3
is an example of 5 × 5 grid, where S, A, and B are sensing
nodes, D is the base station. Simulation is done with net-
work sized 3 × 3, 10 × 10, 15 × 15, 20 × 20 and 25 × 25.
We use the network partition time to evaluate the en-
ergy effectiveness of FBSR and its threshold mechanism.
As in Figure 3, both S, A and B are transmitting sensed
data towards the base station. When node A, B and C are
all draining out of energy, the network is partitioned. This
network partition time is used as the energy metric. In sim-
ulation, transmitting and receiving per packet consume 10
and 8 units energy respectively(this ratio is the observation
of [13]).
 1.2
MFlood
FBSR
1
network partition time (normalized)
0.8
0.6
0.4
0.2
0 0.8
0 100
Figure 4. Network partition time
We then compare FBSR with flooding protocol accord-
ing to the network partition time. Figure 4 presents our sim-
ulation results, which shows that FBSR survives approxi-
mately two times longer than flooding before network par-
tition. This result addresses that our feedback mechanism is
energy efficient.
To demonstrate our threshold mechanism of energy eval-
uation function, we vary the threshold from 0, 0=1 to 0=5(
while threshold = 0 is the case of completely energy aware-
ness). The normalized network partition time in Figure 5
indicates the threshold does make some sense in prolong-
ing the network lifetime, which also validates our intuition
about energy efficiency.
4. Conclusion and Future Work
In this paper, The novel feedback based secure routing
protocol, an adaptable and defendable routing mechanism
for wireless sensor networks, is proposed. The main pre-
ponderance of FBSR can be summarized as follows.
1= FBSR utilizes the cross-layer feedback from MAC
layer to avoid the network congestion. And the forward-
ing decision of neighbors is determined by MAC layer con-
tention, which guarantees higher probability of successful
transmission.
2= With the feedback from neighbors, the sender makes
forwarding decision in an energy efficient way. A thresh-
old function is proposed for the evaluation of sensor nodes.
Simulation results show that FBSR survives two times
longer than flooding protocol before network partition.
3= Sinkhole and wormhole attacks are avoided using the
base station feedback. The algorithm of malicious nodes
detection is a preliminary idea, yet it brings forward a sig-
nificant question of traffic analysis on the base station.
Future work includes implementing FBSR on realistic
platform such as Berkeley MICA2 [14], comparing its per-
formance with other related protocols and design of innova-
tional mechanisms to exploit the potential capacity of base
station.
Proceedings of the 20th International Conference on Advanced Information Networking and Applications (AINA’06)
1550-445X/06 $20.00 © 2006 IEEE
1.3
threshold=0.5
threshold=0.1
1.25 threshold=0.0
network partition time(normalized)
1.2
1.15
1.1
1.05
1
0.95
0.9
0.85
200 300 400 500 600 700 0 100 200 300 400 500 600 700
number of nodes number of nodes
Figure 5. Performance of the threshold
References
[1] Dapeng Zhu, Mark Gritter, and David Cheriton. Feedback
based routing. In HotNet-I, October, 2003
[2] J. Boleng and T. Camp. Adaptive location aided mobile
ad hoc network. In Proceedings of the 23rd IEEE Interna-
tional Performance, Computing, and Communications Con-
ference, 2004.
[3] Tian He, John A Stankovic, Chenyang Lu and T. Abdelza-
her. Speed: A real-time routing protocol for sensor net-
works. In The 23rd International Conference on Distributed
Computing Systems, May 2003.
[4] Y.C. Hu, A. Perrig and D.B. Johnson. Ariadne: a secure
on-demand routing protocol for ad hoc networks. In The 8th
ACM International Conference on Mobile Computing and
Networking, September 2002.
[5] S. Basagni, K. Herrin, E. Rosti and D. Bruschi. Secure peb-
blenets. In ACM International Symposium on Mobile Ad
Hoc Networking and Computing, 2001.
[6] A. Perrig, R. Szewczyk, V. Wen, D. Culler and J.D. Tygar.
Spins: Security protocols for sensor networks. In Proceed-
ings of Seventh Annual International Conference on Mobile
Computing and Networks, July 2001.
[7] Jing Deng, Richard Han and Shivakant Mishra. Insens:
Intrusion-tolerant routing in wireless sensor networks. In
University of Colorado, Department of Computer Science
Technical Report CU-CS-939-02, 2002.
[8] C. Karlof and D. Wagner. Secure routing in wireless sensor
networks: attacks and coutermeasures. September 2003.
[9] Y. YU, D. Estrin and R. Govindan Geographical and energy-
aware routing: A recursive data dissemination protocol for
wireless sensor networks. In UCLA Computer Science De-
partment Technical Report, UCLA-CSD TR-01-0023, May
2001.
[10] S. Biswas and R. Morris. ExOR: Opportunistic Multi-Hop
Routing forWireless Networks. In SIGCOMM’05,August
2005.
[11] Y. Hu, A. Perrig, and D. Johnson. Rushing attacks and de-
fense in wireless ad hoc network routing protocols. In The
2nd ACM Workshop on Wireless Security, September 2003.
[12] NS2. In http://www.isi.edu/nsnam/ns/.
[13] O. Kasten. Energy consumption. ETH-Zurich, Swiss Fed-
eral Institute of Technology. In http://www.inf.ethz.ch/
˜kasten/research/bathtub/energy consumption.html.
[14] MICA2 Motes. In http://www.xbow.com/.