Results 1 - 10 of 1,064
SPINS: Security Protocols for Sensor Networks, 2001
Cited by 1094 (30 self)
As sensor networks edge closer towards wide-spread deployment, security issues become a central concern. So far, the main research focus has been on making sensor networks feasible and useful, and less emphasis was placed on security. We design a suite of security building blocks that are optimized for resource-constrained environments and wireless communication. SPINS has two secure building blocks: SNEP and TESLA. SNEP provides the following important baseline security primitives: data confidentiality, two-party data authentication, and data freshness. A particularly hard problem is to provide efficient broadcast authentication, which is an important mechanism for sensor networks. TESLA is a new protocol which provides authenticated broadcast for severely resource-constrained environments. We implemented the above protocols, and show that they are practical even on minimalistic hardware: the performance of the protocol suite easily matches the data rate of our network. Additionally, we demonstrate that the suite can be used for building higher level protocols.
Mitigating routing misbehavior in mobile ad hoc networks - Proc. ACM/IEEE MOBICOM, 2000
Cited by 1090 (4 self)
This paper describes two techniques that improve throughput in an ad hoc network in the presence of nodes that agree to forward packets but fail to do so. To mitigate this problem, we propose categorizing nodes based upon their dynamically measured behavior. We use a watchdog that identifies misbehaving nodes and a pathrater that helps routing protocols avoid these nodes. Through simulation we evaluate watchdog and pathrater using packet throughput, percentage of overhead (routing) transmissions, and the accuracy of misbehaving node detection. When used together in a network with moderate mobility, the two techniques increase throughput by 17% in the presence of 40% misbehaving nodes, while increasing the percentage of overhead transmissions from the standard routing protocol's 9% to 17%. During extreme mobility, watchdog and pathrater can increase network throughput by 27%, while increasing the overhead transmissions from the standard routing protocol's 12% to 24%.
Ariadne: a secure on-demand routing protocol for ad hoc networks - Proc. 8th ACM International Conf. Mobile Computing Networking, 2002
Cited by 925 (12 self)
An ad hoc network is a group of wireless mobile computers (or nodes), in which individual nodes cooperate by forwarding packets for each other to allow nodes to communicate beyond direct wireless transmission range. Prior research in ad hoc networking has generally studied the routing problem in a non-adversarial setting, assuming a trusted environment. In this paper, we present attacks against routing in ad hoc networks, and we present the design and performance evaluation of a new secure on-demand ad hoc network routing protocol, called Ariadne. Ariadne prevents attackers or compromised nodes from tampering with uncompromised routes consisting of uncompromised nodes, and also prevents many types of Denial-of-Service attacks. In addition, Ariadne is efficient, using only highly efficient symmetric cryptographic primitives.
Random Key Predistribution Schemes for Sensor Networks - IEEE Symposium on Security and Privacy, 2003
Cited by 832 (12 self)
Efficient key distribution is the basis for providing secure communication, a necessary requirement for many emerging sensor network applications. Many applications require authentic and secret communication among neighboring sensor nodes. However, establishing keys for secure communication among neighboring sensor nodes in a sensor network is a challenging problem, due to the scale of sensor nets, the limited computation and communication resources of sensors, and their deployment in hostile environments despite their lack of tamper-resistant hardware. The limited computation resources of sensor nodes prevent using traditional key distribution mechanisms in sensor networks, such as Diffie-Hellman based approaches. Pre-distribution of secret keys among neighbors is generally not feasible, because we do not know which sensors will be neighbors after deployment. Pre-distribution of secret keys for all pairs of nodes is not viable due to the large number of sensors and the limited memory of sensor nodes. A new key distribution approach was proposed by Eschenauer and Gligor [11] to achieve secrecy for node-to-node communication: sensor nodes receive a random subset of keys from a key pool before deployment. In the field, neighboring nodes exchange information to find one common key within their random subset and use that key as their shared secret to secure subsequent communication. In this paper, we generalize the Eschenauer-Gligor key distribution approach. First, we propose two new mechanisms, the q-composite random key predistribution scheme and the multi-path key reinforcement scheme, which substantially increase the security of key setup such that an attacker has to compromise many more nodes to achieve a high probability of compromising communication. Second, we propose a new mechanism, the random-pairwise keys scheme, to enable node-to-node authentication without involving a base station and perfect resilience against node capture. We also show how we enable distributed node revocation based on this scheme. To the best of our knowledge, no previous scheme supports efficient node-to-node authentication without involving a base station and distributed node revocation. We give detailed analysis and simulation results for each proposed scheme and show under which situations a scheme should be used to achieve the best security.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures, 2003
Cited by 827 (3 self)
We consider routing security in wireless sensor networks. Many sensor network routing protocols have been proposed, but none of them have been designed with security as a goal. We propose security goals for routing in sensor networks, show how attacks against ad-hoc and peer-to-peer networks can be adapted into powerful attacks against sensor networks, introduce two classes of novel attacks against sensor networks -- sinkholes and HELLO floods, and analyze the security of all the major sensor network routing protocols. We describe crippling attacks against all of them and suggest countermeasures and design considerations. This is the first such analysis of secure routing in sensor networks.
Packet Leashes: A Defense against Wormhole Attacks in Wireless Ad Hoc Networks, 2003
Cited by 703 (15 self)
As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts, and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many ad hoc network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a new, general mechanism, called packet leashes, for detecting and thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes.
Secure Routing for Mobile Ad Hoc Networks - Mobile Computing and Communications Review, 2002
Cited by 599 (14 self)
For such self-organizing infrastructures as mobile ad hoc networks, envisioned to operate in an open, collaborative, and highly volatile environment, the importance of security cannot be underrated. The provision of comprehensive secure communication mandates that both route discovery and data forwarding be safeguarded. The Secure Routing Protocol (SRP) [1] discussed here counters malicious behavior that targets the discovery of topological information. The protection of the data transmission is a separate problem: an intermittently misbehaving attacker could first comply with the route discovery to make itself part of a route, and then corrupt the in-transit data. Protection of data transmission is addressed through our related Secure Message Transmission Protocol (SMT), which provides a flexible, end-to-end secure data forwarding scheme that naturally complements SRP. Here we discuss the design of SRP only, while SMT is the subject of another publication.
SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks, 2003
Cited by 534 (8 self)
An ad hoc network is a collection of wireless computers (nodes), communicating among themselves over possibly multihop paths, without the help of any infrastructure such as base stations or access points. Although many previous ad hoc network routing protocols have been based in part on distance vector approaches, they have generally assumed a trusted environment. In this paper, we design and evaluate the Secure Efficient Ad hoc Distance vector routing protocol (SEAD), a secure ad hoc network routing protocol based on the design of the Destination-Sequenced Distance-Vector routing protocol. In order to support use with nodes of limited CPU processing capability, and to guard against Denial-of-Service attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, we use efficient one-way hash functions and do not use asymmetric cryptographic operations in the protocol. SEAD performs well over the range of scenarios we tested, and is robust against multiple uncoordinated attackers creating incorrect routing state in any other node, even in spite of any active attackers or compromised nodes in the network.
CORE: A Collaborative Reputation mechanism to enforce node cooperation in Mobile Ad Hoc Networks - Communication and Multimedia Security, 2002
A Secure Routing Protocol for Ad Hoc Networks, 2002
Cited by 508 (0 self)
Most recent ad hoc network research has focused on providing routing services without considering security. In this paper, we detail security threats against ad hoc routing protocols, specifically examining AODV and DSR. In light of these threats, we identify three different environments with distinct security requirements. We propose a solution to one, the managed-open scenario where no network infrastructure is pre-deployed, but a small amount of prior security coordination is expected. Our protocol, ARAN, is based on certificates and successfully defeats all identified attacks.