A Three-Tier Framework for

Intruder Information
Sharing in Sensor Networks

CONTENTS
Abstract
Organization Profile
Introduction
Object Oriented Analysis and Design (OOAD)
Requirement Analysis Document
1. Introduction
a. Purpose of the system
b. Scope of the system
c. Objectives and Success Criteria of the Project
d. Definitions, acronyms and abbreviations
2. Current System
3. Proposed System
a. Overview
b. Functional Requirements
c. Non Functional Requirements
i. Usability
ii. Reliability
iii. Performance
iv. Supportability
v. Implementation
vi. Interface
vii. Packaging
viii. Legal
d. System Models
i. Scenarios
ii. Use Case Model
iii. Object Model

iv. Dynamic Model

v. User interface Navigational Paths and Screen Mockups
4. Glossary
System Design Document
1. Introduction
a. Purpose of the System
b. Design Goals
c. Definitions, acronyms and abbreviations
d. References
Current Software Architecture
2. Proposed Software Architecture
a. Overview
b. Subsystem Decomposition
c. Hardware / Software mapping
d. Persistent Data management
e. Access Control and Security
f. Global Software Control
g. Boundary Conditions
3. Subsystem Services
4. Glossary
Implementation Screens
Testing
Conclusion
Bibliography

ABSTRACT

In sensor networks, an intruder (i.e., compromised node) identified and isolated in one place can be
relocated and/or duplicated to other places to continue attacks; hence, detection and isolation of the same
intruder or its clones may have to be conducted repeatedly, wasting scarce network resources.
Therefore, once an intruder is identified, it should be known to all innocent nodes such that the
intruder or its clones can be recognized when appearing elsewhere. However, secure, efficient and scalable
sharing of intruder information remains a challenging and unsolved problem.
To address this problem, we propose a three-tier framework, consisting of a verifiable intruder
reporting (VIR) scheme, a quorum based caching (QBC) scheme for efficiently propagating intruder reports
to the whole network, and a collaborative Bloom Filter (CBF) scheme for handling intruder information
locally. Extensive analysis and evaluations are also conducted to verify the efficiency and scalability of the
proposed framework.

INTRODUCTION
Due to unattended deployment environment and absence of tamper resistance, sensor networks are
vulnerable to various attacks. In response, schemes have been proposed to identify intruders (i.e.,
compromised nodes) misbehaving in routing, localization, and other scenarios.
Once an intruder is identified, it is isolated by its detectors. However, this is inadequate. Nodes other
than these detectors should also be aware of the intruder; otherwise, the intruder can be relocated or
duplicated to other places to continue attacks.
To share intruder information with all sensor nodes, the detectors may generate and flood intruder
reports to the whole network, directly or through trusted membership servers; other nodes receive and
record the reports to maintain their knowledge of intruders. This approach, however, has following security
and performance issues:
I.1) Intruders may fake false reports to revoke innocent nodes or repeatedly broadcast false reports to
drain network resources; although trusted membership servers can be used to filter false reports, these
servers may become attractive targets of attacks.
I.2) If the network scale is large and/or the network needs to operate for a long time (e.g., the
network is deployed for long-term surveillance in a hostile area) and hence requires a large number of
sensor nodes be deployed to accomplish a long network lifetime, the potential number of compromised
nodes is also large, which may result in frequent flooding of intruder information even without fake reports.
I.3) If the number of intruders is large, maintaining an intruder list in each node may cause high
storage overhead. To the best of our knowledge, there has not been any secure, efficient and scalable
solution reported in the literature that can deal with all the above issues.
To address the intruder information sharing problem, we propose three schemes in this paper:
S.1) A verifiable intruder reporting (VIR) scheme, which distributedly generates intruder reports that
are verifiable by any node, and can prevent malicious nodes from arbitrarily accusing innocent nodes unless
the majority number of neighbors of an innocent node have been compromised;

S.2) A quorum-based caching (QBC) scheme, which efficiently propagates intruder information
through caching intruder information in selected nodes and infrequently updating the information
throughout the network;
S.3) A collaborative Bloom Filter (CBF) scheme, which consumes only small storage space at each
node and meanwhile leverages localized collaboration to enable accurate identification of intruders.
To facilitate the execution of the above three schemes and also to integrate them together, we further
propose a framework that contains three tiers of interacting entities: a dedicated membership server (DMS)
on the top tier, connecting to the network occasionally at random places to avoid being tracked and attacked;
a small number of sensor nodes on the second tier, acting as temporary intruder information caches (IICs);
and other ordinary sensor nodes on the bottom tier. Extensive analysis and simulations are conducted to
evaluate the efficiency and scalability of the proposed solution.

OBJECT ORIENTED ANALYSIS AND DESIGN

Object-oriented analysis and design (OAD) is often part of the development of large scale systems
and programs often using the Unified Modeling Language (UML). OAD applies object-modeling
techniques to analyze the requirements for a context for example, a system, a set of system modules, an
organization, or a business unit and to design a solution. Most modern object-oriented analysis and
design methodologies are use case driven across requirements, design, implementation, testing, and
deployment.
Use cases were invented with object oriented programming, but they're also very well suited for
systems that will be implemented in the procedural paradigm.
The Unified Modeling Language (UML) has become the standard modeling language used in objectoriented analysis and design to graphically illustrate system concepts.
Part of the reason for OAD is its use in developing programs that will have an extended lifetime.
Object Oriented Systems
An object-oriented system is composed of objects. The behavior of the system is achieved
through collaboration between these objects, and the state of the system is the combined state of all
the objects in it. Collaboration between objects involves those sending messages to each other. The
exact semantics of message sending between objects varies depending on what kind of system is
being modeled. In some systems, "sending a message" is the same as "invoking a method". In other
systems, "sending a message" might involve sending data via a socket.
Object Oriented Analysis
Object-Oriented Analysis (OOA) aims to model the problem domain, the problem we want
to solve by developing an object-oriented (OO) system.

The source of the analysis is a written requirement statements, and/or written use cases,
UML diagrams can be used to illustrate the statements.
An analysis model will not take into account implementation constraints, such as
concurrency, distribution, persistence, or inheritance, nor how the system will be built.
The model of a system can be divided into multiple domains each of which are separately
analyzed, and represent separate business, technological, or conceptual areas of interest.
The result of object-oriented analysis is a description of what is to be built, using concepts
and relationships between concepts, often expressed as a conceptual model. Any other
documentation that is needed to describe what is to be built, is also included in the result of the
analysis. That can include a detailed user interface mock-up document.
The implementation constraints are decided during the object-oriented design (OOD)
process.
Object Oriented Design
Object-Oriented Design (OOD) is an activity where the designers are looking for logical
solutions to solve a problem, using objects.
Object-oriented design takes the conceptual model that is the result of object-oriented
analysis, and adds implementation constraints imposed by the environment, the programming
language and the chosen tools, as well as architectural assumptions chosen as basis of design.
The concepts in the conceptual model are mapped to concrete classes, to abstract interfaces
in APIs and to roles that the objects take in various situations. The interfaces and their
implementations for stable concepts can be made available as reusable services. Concepts identified
as unstable in object-oriented analysis will form basis for policy classes that make decisions,
implement environment-specific or situation specific logic or algorithms.
The result of the object-oriented design is a detail description how the system can be built,
using objects.

Object-oriented software engineering (OOSE) is an object modeling language and

methodology OOSE was developed by Ivar Jacobson in 1992 while at Objectory AB. It is the first
object-oriented design methodology to employ use cases to drive software design. It also uses other
design products similar to those used by OMT.
The tool Objectory was created by the team at Objectory AB to implement the OOSE
methodology. After success in the marketplace, other tool vendors also supported OOSE.
After Rational bought Objectory AB, the OOSE notation, methodology, and tools became
superseded.

As one of the primary sources of the Unified Modeling Language (UML),

concepts and notation from OOSE have been incorporated into UML.

The methodology part of OOSE has since evolved into the Rational Unified
Process (RUP).

The OOSE tools have been replaced by tools supporting UML and RUP.

OOSE has been largely replaced by the UML notation and by the RUP methodology.

SOFTWARE PROFILE

REQUIREMENTS ANALYSIS DOCUMENT

1. Introduction
a.

Purpose of the System

The security is the big issue in the sensor network, because of its hardware capability.

Part of the security issue are, denial of service (DoS): - which is able to waste scarce network
resources, false accusation: - an intruder may mis-accuse an innocent sensor node and
Fabrication/Dropping Attack. Its made by the intruder, someone who intrudes on the privacy or
property of another without permission.
So, to prevent the sensor node not even one the whole network from this kind of attack, a
system needs to identify and do so. This is the need of this system.
b.

Scope of the System

The problem of detecting, identifying, sharing and preventing is focused in this
system. Each and every phase has been separated and dealt with exact solutions though a
wide network.

c.

Objectives and Success Criteria of the Project

The proposed frame work has been divided into three phases; they are top tier,
middle tier and bottom tier. The intrusion has been dealt step by step and maintained the
stability of the network and the sensor nodes by providing the fusible methods.

d.

Definitions, Acronyms and Abbreviation

VIR

verifiable intruder reporting

QBC

quorum-based caching

CBF

collaborative Bloom Filter

DMS

dedicated membership server

IIC

intruder information caches

GPS

global positioning system

DoS

denial of service

DMS

dedicated membership server

VIR

verifiable intruder reporting

ECC

elliptic curve cryptography

SBF

simple bloom filter

2. Current System
The current system will be based on the traditional approaches which will not use any caching
mechanism, detection and reporting mechanism to the base station. Hence the performance of the
system is low compared to the proposed system.

3. Proposed System
a. Overview
The proposed framework is composed of the following three tiers of entities:
On the top tier is a dedicated membership server (DMS), which aggregates and
periodically disseminates intruder information to the whole network. Due to its critical role,
the DMS may become an attractive target of attacks. Specifically, the adversary may locate
the DMS and then either compromise the DMS directly or block the communication between
the DMS and the rest of the network. To protect the DMS, it is not connected to the network

all the time. Instead, it goes online every now and then at different places randomly. The
protection makes it hard for the adversary to trace, attack, or isolate the DMS.
On the middle tier are intruder information caches (IICs), which are a small number
of sensor nodes picked from all sensor nodes in the network. They temporarily cache new
intruder information when the DMS is offline. As ordinary sensor nodes, they could be
compromised by the adversary. If compromised, the intruder information cached by these
IICs may be removed or modified, which is addressed in our solution through

Verifying intruder information to prevent faking or

fabricating,

Duplicating intruder information to maintain high

availability of the information.

On the bottom tier are ordinary sensor nodes, which collaboratively identify intruders
and report intruder information to IICs. Sensor nodes maintain their own intruder information
based on the periodical updates disseminated by the DMS, and collaboratively determine the
legitimacy of sensor nodes that join their neighborhoods; they may also query IICs to obtain
latest intruder information when necessary.
To summarize, interactions between these entities include: Sensor nodes
collaboratively generate intruder reports that can be verified by any other nodes, and send
them to a certain set of IICs. Every time interval l, the DMS queries IICs to collect the
reports for intruders that have been identified since the previous query, and then disseminates
the IDs of these intruders to all sensor nodes in a secure manner. Upon receiving it, every
sensor node records these intruders; if the sensor node is also an IIC, it removes these
intruders from its cache. When a node joins a neighborhood, the neighbors can use their own
knowledge about identified intruder to determine if the new arrival is intruder or not. If the
neighbors need more accurate intruder information, they may query a certain set of IICs to
obtain it.
b. Functional Requirements

c. Non Functional Requirements

d. System Models
i. Use Case Model
ii. Object Model
iii. Dynamic Model
iv. User interface Navigational Paths and Screen Mockups

4. Glossary

SYSTEM DESGN DOCCUMENT

1. Introduction
a. Purpose of the system
To detect, identify, share, prevent and sustain the stability of the sensor network by
the proposed system.
b. Design Model

c. Definitions, acronyms and abbreviations

i.

VIR

verifiable intruder reporting

ii.

QBC

quorum-based caching

iii.

CBF

collaborative Bloom Filter

iv.

DMS

dedicated membership server

v.

IIC

intruder information caches

vi.

GPS

global positioning system

vii.

DoS

denial of service

viii.

DMS

dedicated membership server

ix.

VIR

verifiable intruder reporting

x.

ECC

elliptic curve cryptography

xi.

SBF

simple bloom filter

2. Current Software Architecture

3. Proposed Software Architecture
4. Subsystem Services
The project is divided in to four modules
1. Verifiable Intruder Reporting Module
2. Quorum Based Caching module
3. Collaborative Boom filter module.
4. Simulator module
Verifiable Intruder Reporting Module: This module is responsible for detecting the intruder who
penetrated into the system. The detected intruder will be reported to the base station. The intruder
information is placed with public access to all the sensors in the network.
Quorum Based Caching Module: This module will deal with caching of information. Information
caching is required for better performance of the system. Since sensors always refer to the intruder
information when data transmission is done. The frequent referred data is to be cached by this
module.
Collaborative Boom filter Module: This module will filter the data streams based on the probabilistic
data structure.

Simulator Module: This module will deal with the simulation of sensor networks application. The
GUI is built in this module.
5. Glossary

IMPLEMENTATION SCREENS

TESTING

CONCLUSION

In this paper, we proposed a three-tier framework for intruder information sharing in sensor
networks. The framework consists of a verifiable intruder reporting (VIR) scheme, a quorum-based caching
(QBC) scheme for system-wide propagation of intruder information, and a collaborative Bloom Filter
(CBF) scheme for local management of intruder information.
Extensive analysis and simulation are also conducted to verify the efficiency of the proposed
framework as long as the system parameters are carefully chosen.

BIBILIOGRAPHY