Attack Detection in Wireless ad-hoc Network

A Sybil defense mechanism that takes the Sybil characteristics mentioned above into account is vital to improving detection accuracy. We have reviewed several defense mechanisms against Sybil attacks on wireless ad-hoc networks using the SLR method. In general, the steps taken are planning, implementing, and documenting. The planning step consists of identifying review needs, defining specific research questions, developing research protocols, and evaluating review protocols. In the second stage, implementation, research identification is carried out by conducting a pilot selection and extraction, followed by selection of the main studies, quality assessment, data extraction, and data synthesis. The last step is documentation, including drawing conclusions and considering threats [13].

Cryptographic Based

This method uses cryptographic protocols and is mainly used to prevent Sybil attacks from occurring. Broadly speaking, this defense mechanism works by authenticating nodes, using public key certificates to guarantee trust, using secret symmetric keys to prevent other nodes from communicating with the network, and using watermarking to guarantee valid data.

  • Authentication: in this scheme each node must be able to prove that it is a valid node through a series of message exchanges in the authentication protocol.
  • Public Key Infrastructure: a cryptographic system based on public keys is used to improve security by allowing nodes to communicate in networks with trust values based on the certificates they hold. In this system, certificate-based techniques are used in the encryption and authentication mechanisms. A centralized authority for certification is required.
  • Symmetric Key: this scheme relies on encrypting and decrypting messages between nodes using a symmetric encryption algorithm. This technique is used in the network to create secure paths for nodes to communicate with each other by using a set of pre-agreed keys or by using a trusted third party to ensure the distribution of keys to all legitimate nodes in the network. With this defense mechanism, a Sybil node will have difficulty getting a key, so the only possibility is to obtain one by stealing it from a compromised node [14].
  • Watermarking: watermarking techniques are used as a solution for implementing cryptography on devices with limited resources. The main idea is to embed information that allows an individual to add verification messages to communication data. Sybil nodes therefore cannot mount an attack, because they cannot change the watermark constraints that have been embedded in the data.

When applied to IoT, defense mechanisms based on cryptography have the following disadvantages:

  • Dependence on cryptographic hardware and software.
  • Compatibility issues with network types and routing protocols on IoT.
  • Scalability in the addition of new nodes/points that may increase resource requirements exponentially.
  • High memory, computing, and communication overhead that is not suitable for resource-constrained networks.
  • To ensure the network has safe keys and algorithms, high costs are needed for key generation and key distribution.

Location Verification Based

The location/position-based method uses measurement parameters that can be physically observed to estimate the location and position of a node in order to detect Sybil attacks. The method assumes that different nodes cannot be in the same location, so if identities are found at the same location, they are concluded to be Sybil nodes. Another approach is position verification, where a node equipped with a Global Positioning System (GPS) sends its location to a valid node, which then verifies it against the position estimated from the propagation model of the received signal [15].

This method can be grouped into two categories, namely, range-based and range-free methods.

  • Range-based: the estimated position is calculated based on a physical indicator used to estimate the distance between the transmitter and receiver. This distance estimate is usually based on the Received Signal Strength Indicator (RSSI) or on time-based methods such as Time of Arrival (ToA) and Time Difference of Arrival (TDoA). This method is suitable for IoT devices because it is low cost: the distance between two entities is estimated only from the received signal strength and the indicators that the device has by default.
  • Range-free: this method has high accuracy in distance calculation. By utilizing data from GPS, radar, or a location-based/localization scheme, this method can also be used to support position estimation using the range-based method.
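
The two checks described above (a claimed position verified against an RSSI-derived range, and distinct identities not sharing one location) can be sketched as follows. This is an added example, not taken from the reviewed schemes; the log-distance path-loss model, its parameter values, the thresholds and the sample beacons are all constructed assumptions.

```python
import math
from itertools import combinations

# Assumed log-distance path-loss parameters (constructed for this example).
RSSI_AT_1M_DBM = -40.0    # expected RSSI at the 1 m reference distance
PATH_LOSS_EXPONENT = 2.7  # depends on the environment
RANGE_TOLERANCE_M = 10.0  # slack for fading and shadowing
MIN_SEPARATION_M = 2.0    # two physical nodes cannot be closer than this

def rssi_to_distance(rssi_dbm):
    """Invert RSSI = P0 - 10*n*log10(d) to get a distance estimate in metres."""
    return 10 ** ((RSSI_AT_1M_DBM - rssi_dbm) / (10 * PATH_LOSS_EXPONENT))

def find_sybil_suspects(verifier_xy, beacons):
    """beacons: list of (node_id, claimed_xy, rssi_dbm). Returns {node_id: reasons}."""
    suspects = {}
    # Check 1: the claimed position must agree with the RSSI-derived range.
    for node_id, claimed_xy, rssi in beacons:
        claimed_range = math.dist(verifier_xy, claimed_xy)
        if abs(claimed_range - rssi_to_distance(rssi)) > RANGE_TOLERANCE_M:
            suspects.setdefault(node_id, set()).add("range-mismatch")
    # Check 2: distinct identities must not occupy the same location.
    for (id_a, xy_a, _), (id_b, xy_b, _) in combinations(beacons, 2):
        if math.dist(xy_a, xy_b) < MIN_SEPARATION_M:
            suspects.setdefault(id_a, set()).add("co-located")
            suspects.setdefault(id_b, set()).add("co-located")
    return suspects

# Constructed sample: A and B are honest; S1-S3 are identities announced by
# one radio about 35 m from the verifier.
VERIFIER = (0.0, 0.0)
BEACONS = [
    ("A", (20.0, 0.0), -75.0),
    ("B", (0.0, 50.0), -86.0),
    ("S1", (35.0, 0.0), -81.7),
    ("S2", (90.0, 0.0), -81.6),   # claims a position far from the radio
    ("S3", (35.5, 0.5), -81.8),   # claims almost the same spot as S1
]

if __name__ == "__main__":
    for node_id, reasons in sorted(find_sybil_suspects(VERIFIER, BEACONS).items()):
        print(node_id, sorted(reasons))
```

A single verifier only constrains the range, not the bearing, so practical schemes combine observations from several verifiers; the tolerance also has to absorb the fading and shadowing effects listed among the disadvantages.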

When applied to IoT, the location/position-based defense method has disadvantages:

  • It is not suitable for use on mobile networks such as MANET and VANET; the accuracy of the approximate location decreases due to rapid changes in network topology and changes in node position.
  • Its accuracy depends on the environment. Interference, multipath fading, and shadowing lead to inaccurate location estimation.
  • It leads to privacy violations, because an identity is required to send position information, so that the route of movement of the nodes can be traced.

Network Behavior-Based

This method detects Sybil nodes purely based on their features and behavior in the network. The detection method specifically looks for features that allow accurate classification between Sybil nodes and valid nodes [16].

When applied to IoT, the network behavior-based defense method has disadvantages, including:

  • It only detects Sybil nodes according to the context expected by the detection method, so that Sybil nodes with specific knowledge can escape detection.
  • It requires specialized hardware that has a large capacity to collect and analyze data.

Resource Testing

This approach tests the unique resources of a node, assuming that each physical node has specific limited resources. A node is challenged to provide knowledge about specific resources (usually in the form of physical fingerprinting or based on energy), then the verifier compares the resources used by an entity with the typical value or threshold of the resources owned by that entity. Incompatibility indicates the possibility of a Sybil attack [17-19].

  • Energy-based: the basic idea of energy-based testing is to verify under the assumption that a node has a predictable energy parameter, so that if a node is found to be incompatible with the existing nodes in providing an answer, the node is considered a malicious node.
  • Physical fingerprinting: each device has unique characteristics. These characteristics are the basis of verification to determine whether the point is valid or not.


Trust Based

Trust is defined as a relationship between trustor and trustee; the trustor can periodically evaluate the trustee to assess its eligibility. The trust-based method relies on a trust value that each node must maintain to remain in the network. This trust value can be obtained from trusted devices or from neighbor trust [20].

  • Centralized trust: in the trust-based method using a trusted device, usually in the initial stage, a comprehensive network mapping is carried out on all nodes, with the device obtaining each node's identity and trust value. Then, the trust value is evaluated to determine the possibility that the node is not a Sybil node.
  • Decentralized trust: in the detection approach based on the relationship between neighbors, each node will visit nearby nodes based on the pattern of relationships and behavior of these nodes in the network.

When applied to IoT, the trust-based defense method has disadvantages, including that the method is not able to detect Sybil nodes if they dominate the number of nodes in the process of determining the trust value.

A Sybil defense mechanism that takes the Sybil characteristics mentioned above into account is essential to improving detection accuracy. From the reviewed papers, we select several of the latest proposed schemes to present how each method can be used to recognize the properties of a Sybil attack in every phase. Not all defense mechanisms can handle all Sybil attack properties; some have implemented privacy protections, and some can work on mobile networks and fast-changing networks. A practical, energy-efficient, versatile defense mechanism that can cover all Sybil attack properties is highly recommended [21].
