Abstract
Sensor networks are often subject to physical attacks. Once a node's cryptographic key is compromised, an attacker may completely impersonate it and introduce arbitrary false information into the network. Basic cryptographic mechanisms are often not effective in this situation. Most techniques to address this problem focus on detecting and tolerating false information introduced by compromised nodes. They cannot pinpoint exactly where the false information is introduced and who is responsible for it.
In this article, we propose an application-independent framework for accurately identifying compromised sensor nodes. The framework provides an appropriate abstraction of application-specific detection mechanisms and models the unique properties of sensor networks. Based on the framework, we develop alert reasoning algorithms to identify compromised nodes. The algorithm assumes that compromised nodes may collude at will. We show that our algorithm is optimal in the sense that it identifies the largest number of compromised nodes without introducing false positives. We evaluate the effectiveness of the designed algorithm through comprehensive experiments.
- Aberer, K. and Despotovic, Z. 2001. Managing trust in a peer-2-peer information system. In Proceedings of the 9th International Conference on Information and Knowledge Management (CIKM). Google ScholarDigital Library
- Araki, T. and Shibata, Y. 2003. (t, k)-diagnosable system: A generalization of the pmc models. IEEE Trans. Comput. 52, 7. Google ScholarDigital Library
- Bose, P., Morin, P., Stojmenovic, I., and Urrutia, J. 2001. Routing with guaranteed delivery in ad hoc wireless networks. ACM Wirel. Netw. 7, 6, 609--616. Google ScholarDigital Library
- Camtepe, S. and Yener, B. 2004. Combinatorial design of key distribution mechanisms for wireless sensor networks. In 9th European Symposium On Research in Computer Security (ESORICS'04).Google Scholar
- Chan, H., Perrig, A., and Song, D. 2003. Random key predistribution schemes for sensor networks. In Proceedings of the IEEE Symposium on Security and Privacy(SP'03). Google ScholarDigital Library
- Crossbow Technology Inc. 2003. MTS/MDA Sensor and Data Acquisition Boards User Manual.Google Scholar
- Dahbura, A. and Masson, G. 1983a. Greedy diagnosis of an intermittent-fault/transient-upset tolerant system design. IEEE Trans. Comput. C-32, 10, 953--957. Google ScholarDigital Library
- Dahbura, A. and Masson, G. 1983b. Greedy diagnosis of hybrid fault situations. IEEE Trans. Comput. C-32, 8, 777--782. Google ScholarDigital Library
- Dahbura, A. and Masson, G. 1984. An o(n 2.5) fault identification algorithm for diagnosable systems. IEEE Trans. Comput. C-33, 6, 486--492. Google ScholarDigital Library
- Dahbura, A., Sabnani, K., and King, L. 1987. The comparison approach to multiprocessor fault diagnosis. IEEE Trans. Comput. C-36, 3, 373--378. Google ScholarDigital Library
- Deng, J., Han, R., and Mishra, S. 2003. Security support for in-network processing in wireless sensor networks. In Proceedings of the ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN '03). Google ScholarDigital Library
- Deng, J., Han, R., and Mishra, S. 2004. A robust and light-weight routing mechanism for wireless sensor networks. In Proceedings of the Workshop on Dependability Issues in Wireless Ad Hoc Networks and Sensor Networks (DIWANS).Google Scholar
- Du, W., Deng, J., Han, Y. S., and Varshney, P. K. 2003a. A witness-based approach for data fusion assurance in wireless sensor networks. In Proceedings of the IEEE Global Communications Conference (GLOBECOM).Google Scholar
- Du, W., Deng, J., Han, Y. S., and Varshney, P. K. 2003b. A pairwise key pre-distribution scheme for wireless sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS'03). Google ScholarDigital Library
- Du, W., Fang, L., and Ning, P. 2005. Lad: Localization anomaly detection for wireless sensor networks. In Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05). Google ScholarDigital Library
- Eschenauer, L. and Gligor, V. D. 2002. A key-management scheme for distributed sensor networks. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS '02). Google ScholarDigital Library
- Fuhrman, C. P. 1996. Comparison-based diagnosis in faulttolerant, multiprocessor systems. Ph.D. thesis, Department of Computer Science, Swiss Federal Institute of Technology in Lausanne (EPFL).Google Scholar
- Ganeriwal, S. and Srivastava, M. B. 2004. Reputation-based framework for high integrity sensor networks. In Proceedings of the ACM Security for Ad-Hoc and Sensor Networks (SASN'04). Google ScholarDigital Library
- Golbeck, J. and Hendler, J. 2004. Accuracy of metrics for inferring trust and reputation in semantic Web-based social networks. In Proceedings of the International Conference on Knowledge Engineering and Knowledge Management (EKAW). Northamptonshire, U.K.Google Scholar
- Ho, T., Leong, B., Koetter, R., Medard, M., Effros, M., and Karger, D. 2004. Byzantine modification detection in multicast networks using randomized network coding. In Proceedings of the IEEE International Symposium on Information Theory (ISIT).Google Scholar
- Hu, L. and Evans, D. 2003. Secure aggregation for wireless networks. In Proceedings of the Workshop on Security and Assurance in Ad Hoc Networks. Google ScholarDigital Library
- Kamvar, S., Schlosser, M., and Garcia-Molina, H. 2003. EigenRep: Reputation management in P2P networks. In Proceedings of the 12th International World Wide Web Conference. Google ScholarDigital Library
- Kozlowski, W. and Krawczyk, H. 1991. A comparison-based approach to multicomputer system diagnosis in hybrid fault situations. IEEE Trans. Comput. C-40, 11, 1283--1287. Google ScholarDigital Library
- Lamport, L., Shostak, R., and Pease, M. 1982. The Byzantine generals problem. ACM Trans. Program. Lang. Syst. 4, 3. Google ScholarDigital Library
- Lawrence, R., Sergey, B., Rajeev, M., and Terry, W. 1998. The PageRank citation ranking: Bringing order to the Web. Tech. rep., Department of Computer Science, Stanford University.Google Scholar
- Lee, S., Sherwood, R., and Bhattacharjee, B. 2003. Cooperative peer groups in NICE. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communication Societies (INFOCOM).Google Scholar
- Liu, D. and Ning, P. 2003. Establishing pairwise keys in distributed sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS'03). Google ScholarDigital Library
- Liu, D., Ning, P., and Du, W. 2003. Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. In Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS'03).Google Scholar
- Liu, D., Ning, P., and Du, W. 2005. Detecting malicious beacon nodes for secure location discovery in wireless sensor networks. In Proceedings of the 25th International Conference on Distributed Computing Systems (ICDCS'05). Google ScholarDigital Library
- Liu, D., Ning, P., and Li, R. 2005. Establishing pairwise keys in distributed sensor networks. ACM Trans. Inform. Syst. Secur. 8, 1. Google ScholarDigital Library
- Marx, D. 2004. Parameteried complexity of constraint satisfaction problems. In Proceedings of the 19th Annual IEEE Conference on Computational Complexity. Google ScholarDigital Library
- Micali, S. and Vazirani, V. 1980. An √|V||e| algorithm for finding maximum matchings in general graphs. In Proceedings of the 21st Symp. Foundations of Computing.Google Scholar
- Mui, L., Mohtashemi, M., and Halberstadt, A. 2002. A computational model of trust and reputation. In Proceedings of the 35th Hawaii International Conference on System Science. Google ScholarDigital Library
- Perrig, A., Canetti, R., Song, D., and Tygar, D. 2000. Effient authentication and signing of multicast streams over lossy channels. In Proceedings of the IEEE Symposium on Security and Privacy. Google ScholarDigital Library
- Perrig, A., Szewczyk, R., Wen, V., Culler, D., and Tygar, J. D. 2001. SPINS: Security protocols for sensor networks. In Proceedings of the 7th Annual ACM International Conference on Mobile Computing and Networks (MobiCom'01). Google ScholarDigital Library
- Preparata, F. P., Metze, G., and Chien, R. T. 1967. On the connection assignment problem of diagosable systems. IEEE Trans. Electron. Comput. 16, 6, 848--854.Google ScholarCross Ref
- Przydatek, B., Song, D., and Perrig, A. 2003. SIA: Secure information aggregation in sensor networks. In Proceedings of the 1st ACM Conference on Embedded Networked Sensor Systems (SenSys'03). Google ScholarDigital Library
- Richardson, M., Agrawal, R., and Domingos, P. 2003. Trust management for the Semantic Web. In Proceedings of the 2nd International Semantic Web Conference.Google Scholar
- Sullivan, G. F. 1988. An o(t 3 + |e|) fault identification algorithm for diagnosable systems. IEEE Trans. Comput. 37, 4. Google ScholarDigital Library
- Vazirani, V. V., Ed. 2001. Approximation Algorithms. Springer-Verlag, Berlin, Germany. Google ScholarDigital Library
- Xiong, L. and Liu, L. 2002. Building trust in decentralized peer-to-peer electronic communities. In Proceedings of the 5th International Conference on Electronic Commerce Research (ICECR).Google Scholar
- Ye, F., Luo, H., Lu, S., and Zhang, L. 2004. Statistical en-route filtering of injected false data in sensor networks. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communication Societies (INFOCOM).Google Scholar
- Yu, B. and Singh, M. P. 2002. An evidential model of distributed reputation management. In Proceedings of the 1st International Joint Conference on Autonomous Agents and MultiAgent Systems (AAMAS). Google ScholarDigital Library
- Zhang, Q., Yu, T., and Ning, P. 2006. A framework for identifying compromised nodes in sensor networks. In Proceedings of the 2nd IEEE Communications Society/CreateNet International Conference on Security and Privacy in Communication Networks (SecureComm'06).Google Scholar
- Zhu, S., Setia, S., Jajodia, S., and Ning, P. 2004. An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks. In Proceedings of the IEEE Symposium on Security and Privacy, 260--272.Google Scholar
Index Terms
- A Framework for Identifying Compromised Nodes in Wireless Sensor Networks
Recommendations
Detecting Compromised Nodes in Wireless Sensor Networks
SNPD '07: Proceedings of the Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing - Volume 01While wireless sensor networks are proving to be a versatile tool, many of the applications in which they are implemented have sensitive data. In other words, security is crucial in many of these applications. Once a sensor node has been compromised, ...
Compromise-resilient anti-jamming communication in wireless sensor networks
Jamming is a kind of Denial-of-Service attack in which an adversary purposefully emits radio frequency signals to corrupt the wireless transmissions among normal nodes. Although some research has been conducted on countering jamming attacks, few works ...
Comments