Abstract
Sensor networks are often deployed in unattended environments, thus leaving these networks vulnerable to false data injection attacks in which an adversary injects false data into the network with the goal of deceiving the base station or depleting the resources of the relaying nodes. Standard authentication mechanisms cannot prevent this attack if the adversary has compromised one or a small number of sensor nodes. We present three interleaved hop-by-hop authentication schemes that guarantee that the base station can detect injected false data immediately when no more than t nodes are compromised, where t is a system design parameter. Moreover, these schemes enable an intermediate forwarding node to detect and discard false data packets as early as possible. Our performance analysis shows that our scheme is efficient with respect to the security it provides, and it also allows a tradeoff between security and performance. A prototype implementation of our scheme indicates that our scheme is practical and can be deployed on the current generation of sensor nodes.
- Anderson, R., Chan, H., and Perrig, A. 2004. Key infection: Smart trust for smart dust. In Proceedings of the IEEE International Conference on Network Protocols (ICNP'04). Google ScholarDigital Library
- Bellare, M., Guerin, R., and Rogaway, P. 1995. Xor macs: New methods for message authentication using finite pseudorandom functions. In Proceedings of CRYPTo'95. Google ScholarDigital Library
- Blom, R. 1985. An optimal class of symmetric key generation systems. In Advances in Cryptology, Proceedings of EUROCRYPT'84. Lecture Notes in Computer Science, vol. 209. Springer-Verlag, Berlin, Germany, 335--338. Google ScholarDigital Library
- Blundo, C., Santis, A. D., Herzberg, A., Kutten, S., Vaccaro, U., and Yung, M. 1993. Perfectly-secure key distribution for dynamic conferences. In Advances in Cryptology, Proceedings of CRYPTO'92. Lecture Notes in Computer Science, vol. 740. Springer-Verlag, Berlin, Germany, 471--486. Google ScholarDigital Library
- Chan, H. and Perrig, A. 2005. Pike: Peer intermediaries for key establishment in sensor networks. In Proceedings of Infocom'05.Google Scholar
- Chan, H., Perrig, A., and Song, D. 2003. Random key predistribution schemes for sensor networks. In Proceedings of the IEEE Security and Privacy Symposim'03. Google ScholarDigital Library
- Deng, J., Han, R., and Mishra, S. 2003. Security support for in-network processing in wireless sensor networks. In Proceedings of the First ACM Workshop on the Security of Ad Hoc and Sensor Networks (SASN'03). Google ScholarDigital Library
- Deng, J., Han, R., and Mishra, S. 2004. Intrusion tolerance strategies in wireless sensor networks. In Proceedings of the IEEE 2004 International Conference on Dependable Systems and Networks (DSN'04). Google ScholarDigital Library
- Du, W., Deng, J., Han, Y., and Varshney, P. 2003. A pairwise key pre-distribution scheme for wireless sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS'03). 42--51. Google ScholarDigital Library
- Eschenauer, L. and Gligor, V. 2002. A key-management scheme for distributed sensor networks. In Proceedings of ACM CCS'02. Google ScholarDigital Library
- Goldreich, O., Goldwasser, S., and Micali, S. 1986. How to construct random functions. J. Assoc. Comput. Mach. 33, 4, 210--217. Google ScholarDigital Library
- Hill, J., Szewczyk, R., Woo, A., Hollar, S., Culler, D. E., and Pister, K. S. J. 2000. System architecture directions for networked sensors. In Proceedings of the Conference on Architectural Support for Programming Languages and Operating Systems. 93--104. Google ScholarDigital Library
- Hu, L. and Evans, D. 2003. Secure aggregation for wireless networks. In Proceedings of the Workshop on Security and Assurance in Ad Hoc Networks.Google ScholarDigital Library
- Karlof, C. and Wagner, D. 2003. Secure routing in sensor networks: Attacks and countermeasures. In Proceedings of the First IEEE Workshop on Sensor Network Protocols and Applications.Google Scholar
- Karp, B. and Kung, H. 2000. GPSR: A geographic hash table for data-centric storage. In Proceedings of the ACM International Workshop on Wireless Sensor Networks and Applications. Google ScholarDigital Library
- Lamport, L. 1981. Password authentication with insecure communication communication. Commun. ACM 24, 11, 770--772. Google ScholarDigital Library
- Liu, D. and Ning, P. 2003a. Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. In Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS'03). 263--276.Google Scholar
- Liu, D. and Ning, P. 2003b. Establishing pairwise keys in distributed sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03). 52--61. Google ScholarDigital Library
- Liu, D., Ning, P., and Li, R. 2005. Establishing pairwise keys in distributed sensor networks. ACM Trans. Inform. Syst. Sec. 8, 1 (Feb.), 1--77. Google ScholarDigital Library
- Perrig, A., Szewczyk, R., Wen, V., Culler, D. E., and Tygar, J. D. 2001. Spins: Security protocols for sensor netowrks. In Proceedings of the ACM Conference on Mobile Computing and Networking (Mobicom'01). 189--199. Google ScholarDigital Library
- Przydatek, B., Song, D., and Perrig, A. 2003. SIA: Secure information aggregation in sensor networks. In Proceedings of ACM SenSys 2003. Google ScholarDigital Library
- Rivest, R. 1994. The rc5 encryption algorithm. In Proceedings of the 1st International Workshop on Fast Software Encryption. 86--96.Google Scholar
- Wood, A. and Stankovic, J. 2002. Denial of service in sensor networks. IEEE Comput. 35, 10 (Oct.), 54--62. Google ScholarDigital Library
- Xbo. 2005. Crossbow Technology Inc., San Jose, CA.Google Scholar
- Ye, F., Luo, H., Lu, S., and Zhang, L. 2004. Statistical en-route detection and filtering of injected false data in sensor networks. In Proceedings of IEEE Infocom'04.Google Scholar
- Yi, Y., Wang, X., Zhu, S., and Cao, G. 2006. SDAP: A secure hop-by-hop data aggregation protocol for sensor networks. In Proceedings of ACM Mobihoc. Google ScholarDigital Library
- Zhu, S., Setia, S., and Jajodia, S. 2003a. LEAP: Efficient security mechanisms for large-scale distributed sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03). 62--72. Google ScholarDigital Library
- Zhu, S., Xu, S., Setia, S., and Jajodia, S. 2003b. Establishing pair-wise keys for secure communication in ad hoc networks: A probabilistic approach. In Proceedings of the 11th IEEE International Conference on Network Protocols (ICNP'03). Google ScholarDigital Library
Index Terms
- Interleaved hop-by-hop authentication against false data injection attacks in sensor networks
Recommendations
Securing data aggregation against false data injection in wireless sensor networks
ICACT'10: Proceedings of the 12th international conference on Advanced communication technologyData aggregation is an efficient technique for reducing communication cost in wireless sensor networks. However it is vulnerable to false data injection attacks where the adversary node sends false data to the aggregation node and thus, stops the base ...
Defending collaborative false data injection attacks in wireless sensor networks
False data filtering is an important issue in wireless sensor networks. In this paper, we consider a new type of false data injection attacks called collaborative false data injection, and propose two schemes to defend such attacks. In collaborative ...
A multi-path interleaved hop-by-hop en-route filtering scheme in wireless sensor networks
A compromised node can generate a fabricated report, which results in false alarms, information loss, and a waste of precious network energy. An interleaved hop-by-hop authentication (IHA) scheme has been proposed to minimize such serious damage by ...
Comments