Node compromise is a serious security threat that hinders the successful deployment of large-scale wireless sensor networks. A node compromise often consists of three stages: physically obtaining and compromising the sensors, redeploying the compromised sensors, and compromised nodes launching attacks after their rejoining the network. By far, all the proposed compromise detection schemes address this problem at the third stage. In this paper, we make the first attempt to detect node compromise at the second stage. Our motivation is that for some applications an attacker may not be able to precisely deploy the compromised sensors back into their original positions. Thus, the detection of location change will become an indication of a potential node compromise. We name this node redeployment detection problem. We propose two approaches to detect node redeployment, based on the change of node neighborship and the change of measured distances between nodes, respectively. Our simulation study shows that both schemes can detect node redeployment effectively (with low false positive rate and high detection rate).

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	H. Choi, S. Zhu, and T. Laporta. "SET: Detecting Node Clones in Sensor Networks," in SecureComm, Sep. 2007.
	2	Jing Deng , Richard Han , Shivakant Mishra, Countermeasures Against Traffic Analysis Attacks in Wireless Sensor Networks, Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks, p.113-126, September 05-09, 2005  [doi>10.1109/SECURECOMM.2005.16]
	3	P. Kyasanur and N. H. Vaidya, "Detection and handling of mac layer misbehavior in wireless networks," in IEEE DSN, 2003.
	4	Donggang Liu , Peng Ning , Wenliang Kevin Du, Attack-resistant location estimation in sensor networks, Proceedings of the 4th international symposium on Information processing in sensor networks, April 24-27, 2005, Los Angeles, California
	5	A. Michalski and J. Czajewski, "The accuracy of the global positioning systems," IEEE Instrumentation & Measurement Magazine, vol. 7, no. 1, pp. 56--60, March 2004.
	6	NIST/SEMATECH, "e-handbook of statistical methods," http://www.itl.nist.gov/div898/handbook/toolaids/pff/prc.pdf.
	7	A. Seshadri, A. Perrig, L. van Doorn, and P. Khosla, "Swatt: Software-based attestation for embedded devices," in Proceedings of the IEEE Symposium on Security and Privacy, May 2004.
	8	Fan Ye , Hao Yang , Zhen Liu, Catching "Moles" in Sensor Networks, Proceedings of the 27th International Conference on Distributed Computing Systems, p.69, June 25-27, 2007  [doi>10.1109/ICDCS.2007.89]
	9	Sencun Zhu , Sanjeev Setia , Sushil Jajodia, LEAP: efficient security mechanisms for large-scale distributed sensor networks, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA  [doi>10.1145/948109.948120]
	10	S. Zhu, S. Setia, S. Jajodia, and P. Ning, "An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks," in Proceedings of IEEE Symposium on Security and Privacy, 2004, pp. 259--271.