ABSTRACT
Mobile sinks are needed in many sensor network applications for efficient data collection, data querying, localized sensor reprogramming, identifying and revoking compromised sensors, and other network maintenance. Employing mobile sinks, however, raises a new security challenge: if a mobile sink is given too many privileges, it becomes a very attractive target for attack and compromise. Using a compromised mobile sink, an adversary may easily bring down or even take over the sensor network. Thus, security mechanisms that can tolerate mobile sink compromises are essential. In this paper, based on the principle of least privilege, we first propose several efficient schemes to restrict the privilege of a mobile sink without impeding its capability of carrying out any authorized operations for an assigned task. To further reduce the possible damage caused by a compromised mobile sink, we then propose efficient message forwarding schemes for depriving a compromised mobile sink of its assigned privilege immediately after its compromise has been detected. Through detailed analysis and simulations, we show that our schemes are secure and efficient, and are highly practical for sensor networks consisting of the current generation of sensors.
Index Terms
- Least privilege and privilege deprivation: towards tolerating mobile sink compromises in wireless sensor networks