
Interleaved hop-by-hop authentication against false data injection attacks in sensor networks

Published: 01 August 2007

Abstract

Sensor networks are often deployed in unattended environments, thus leaving these networks vulnerable to false data injection attacks in which an adversary injects false data into the network with the goal of deceiving the base station or depleting the resources of the relaying nodes. Standard authentication mechanisms cannot prevent this attack if the adversary has compromised one or a small number of sensor nodes. We present three interleaved hop-by-hop authentication schemes that guarantee that the base station can detect injected false data immediately when no more than t nodes are compromised, where t is a system design parameter. Moreover, these schemes enable an intermediate forwarding node to detect and discard false data packets as early as possible. Our performance analysis shows that our scheme is efficient with respect to the security it provides, and it also allows a tradeoff between security and performance. A prototype implementation of our scheme indicates that our scheme is practical and can be deployed on the current generation of sensor nodes.

References

  1. Anderson, R., Chan, H., and Perrig, A. 2004. Key infection: Smart trust for smart dust. In Proceedings of the IEEE International Conference on Network Protocols (ICNP'04).
  2. Bellare, M., Guerin, R., and Rogaway, P. 1995. Xor macs: New methods for message authentication using finite pseudorandom functions. In Proceedings of CRYPTO'95.
  3. Blom, R. 1985. An optimal class of symmetric key generation systems. In Advances in Cryptology, Proceedings of EUROCRYPT'84. Lecture Notes in Computer Science, vol. 209. Springer-Verlag, Berlin, Germany, 335--338.
  4. Blundo, C., Santis, A. D., Herzberg, A., Kutten, S., Vaccaro, U., and Yung, M. 1993. Perfectly-secure key distribution for dynamic conferences. In Advances in Cryptology, Proceedings of CRYPTO'92. Lecture Notes in Computer Science, vol. 740. Springer-Verlag, Berlin, Germany, 471--486.
  5. Chan, H. and Perrig, A. 2005. Pike: Peer intermediaries for key establishment in sensor networks. In Proceedings of Infocom'05.
  6. Chan, H., Perrig, A., and Song, D. 2003. Random key predistribution schemes for sensor networks. In Proceedings of the IEEE Security and Privacy Symposium'03.
  7. Deng, J., Han, R., and Mishra, S. 2003. Security support for in-network processing in wireless sensor networks. In Proceedings of the First ACM Workshop on the Security of Ad Hoc and Sensor Networks (SASN'03).
  8. Deng, J., Han, R., and Mishra, S. 2004. Intrusion tolerance strategies in wireless sensor networks. In Proceedings of the IEEE 2004 International Conference on Dependable Systems and Networks (DSN'04).
  9. Du, W., Deng, J., Han, Y., and Varshney, P. 2003. A pairwise key pre-distribution scheme for wireless sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS'03). 42--51.
  10. Eschenauer, L. and Gligor, V. 2002. A key-management scheme for distributed sensor networks. In Proceedings of ACM CCS'02.
  11. Goldreich, O., Goldwasser, S., and Micali, S. 1986. How to construct random functions. J. Assoc. Comput. Mach. 33, 4, 210--217.
  12. Hill, J., Szewczyk, R., Woo, A., Hollar, S., Culler, D. E., and Pister, K. S. J. 2000. System architecture directions for networked sensors. In Proceedings of the Conference on Architectural Support for Programming Languages and Operating Systems. 93--104.
  13. Hu, L. and Evans, D. 2003. Secure aggregation for wireless networks. In Proceedings of the Workshop on Security and Assurance in Ad Hoc Networks.
  14. Karlof, C. and Wagner, D. 2003. Secure routing in sensor networks: Attacks and countermeasures. In Proceedings of the First IEEE Workshop on Sensor Network Protocols and Applications.
  15. Karp, B. and Kung, H. 2000. GPSR: A geographic hash table for data-centric storage. In Proceedings of the ACM International Workshop on Wireless Sensor Networks and Applications.
  16. Lamport, L. 1981. Password authentication with insecure communication. Commun. ACM 24, 11, 770--772.
  17. Liu, D. and Ning, P. 2003a. Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. In Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS'03). 263--276.
  18. Liu, D. and Ning, P. 2003b. Establishing pairwise keys in distributed sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03). 52--61.
  19. Liu, D., Ning, P., and Li, R. 2005. Establishing pairwise keys in distributed sensor networks. ACM Trans. Inform. Syst. Sec. 8, 1 (Feb.), 1--77.
  20. Perrig, A., Szewczyk, R., Wen, V., Culler, D. E., and Tygar, J. D. 2001. Spins: Security protocols for sensor networks. In Proceedings of the ACM Conference on Mobile Computing and Networking (Mobicom'01). 189--199.
  21. Przydatek, B., Song, D., and Perrig, A. 2003. SIA: Secure information aggregation in sensor networks. In Proceedings of ACM SenSys 2003.
  22. Rivest, R. 1994. The rc5 encryption algorithm. In Proceedings of the 1st International Workshop on Fast Software Encryption. 86--96.
  23. Wood, A. and Stankovic, J. 2002. Denial of service in sensor networks. IEEE Comput. 35, 10 (Oct.), 54--62.
  24. Xbo. 2005. Crossbow Technology Inc., San Jose, CA.
  25. Ye, F., Luo, H., Lu, S., and Zhang, L. 2004. Statistical en-route detection and filtering of injected false data in sensor networks. In Proceedings of IEEE Infocom'04.
  26. Yi, Y., Wang, X., Zhu, S., and Cao, G. 2006. SDAP: A secure hop-by-hop data aggregation protocol for sensor networks. In Proceedings of ACM Mobihoc.
  27. Zhu, S., Setia, S., and Jajodia, S. 2003a. LEAP: Efficient security mechanisms for large-scale distributed sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03). 62--72.
  28. Zhu, S., Xu, S., Setia, S., and Jajodia, S. 2003b. Establishing pair-wise keys for secure communication in ad hoc networks: A probabilistic approach. In Proceedings of the 11th IEEE International Conference on Network Protocols (ICNP'03).


Reviews

Alessandro Berni

Unattended sensor networks are exposed to a number of threats: the physical destruction of nodes; security attacks at the routing and data-link levels; resource consumption attacks; and insider attacks, where compromised nodes are used to inject false data into the network. The authors address the insider threat posed by false data injection attacks, and propose interleaved hop-by-hop authentication schemes to detect false data packets sent by compromised nodes. Such schemes, built on top of previous work [1,2,3], supplement standard authentication concepts by allowing the immediate detection of false data when no more than t nodes are compromised. In the proposed scheme, t+1 sensor nodes within a sensor cluster agree upon a report before it is sent, and then all nodes involved in relaying the message to the final destination authenticate the report in an interleaved hop-by-hop fashion. This provides an upper bound, B, for the number of hops that a false data packet can be forwarded before it is detected and dropped. This upper bound B can be made close to zero, and with a minimal computational overhead. At the price of a slightly higher storage overhead than in other options, this enables important energy savings by avoiding further retransmissions of false data reports. Security assumptions on the proposed approach are supported by demonstrations, while performance considerations have been analyzed in a network of TinyOS MICA2 motes, which are representative of the current generation of sensor nodes. This is an interesting solution, which can be applied only to simple sensing scenarios (for example, temperature and seismic data) where the agreement of t+1 nodes can be assessed with Boolean operations. More complex scenarios will impose increasingly demanding requirements, both in terms of the sensing package and in computing power—well beyond the capabilities of today’s small and inexpensive sensors.

This work will drive the development of more sophisticated probability-based decision heuristics, and the adoption of more capable hardware platforms. For the time being, this is an interesting step in the right direction.

Online Computing Reviews Service
