Detection of Node Capture Attack in Wireless Sensor Networks

Wireless sensor networks (WSNs) deployed in hostile environments for applications such as battle-field surveillance are vulnerable to various attacks, including node capture attack wherein an adversary physically captures, reprograms, and redeploys a node in the network. In this paper, we present a novel approach of program integrity verification (PIV) protocol to detect whether a node is captured. The cluster head equipped with trusted platform module (TPM) verifies by comparing the program memory content of the sensor node before and after capture. The proposed TPM-enabled PIV (TPIV) protocol uses dynamically computed hash-based key and pseudorandom function for detection of a captured node in the network. The security analysis of the TPIV protocol reveals that the probability of a node capture attack victim eluding the PIV and leaking the secret of any noncaptured node is negligible. The proposed TPIV protocol can detect the captured node even in the presence of a strong adversary capable of putting additional memory to elude the PIV. With the results of analytical and experimental comparisons, we show the performance improvement of TPIV protocol in terms of low communication, computation, and storage overhead as compared to the related protocols for PIV in WSN.