Results 1 - 10
of
543
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks
, 2003
"... this paper, we provide a framework in which to study the security of key pre-distribution schemes, propose a new key pre-distribution scheme which substantially improves the resilience of the network compared to previous schemes, and give an in-depth analysis of our scheme in terms of network resili ..."
Abstract
-
Cited by 552 (18 self)
- Add to MetaCart
this paper, we provide a framework in which to study the security of key pre-distribution schemes, propose a new key pre-distribution scheme which substantially improves the resilience of the network compared to previous schemes, and give an in-depth analysis of our scheme in terms of network resilience and associated overhead. Our scheme exhibits a nice threshold property: when the number of compromised nodes is less than the threshold, the probability that communications between any additional nodes are compromised is close to zero. This desirable property lowers the initial payoff of smaller-scale network breaches to an adversary, and makes it necessary for the adversary to attack a large fraction of the network before it can achieve any significant gain
Tinysec: A link layer security architecture for wireless sensor networks
- in Proc of the 2nd Int’l Conf on Embedded Networked Sensor Systems
"... We introduce TinySec, the first fully-implemented link layer security architecture for wireless sensor networks. In our design, we leverage recent lessons learned from design vulnerabilities in security protocols for other wireless networks such as 802.11b and GSM. Conventional security protocols te ..."
Abstract
-
Cited by 521 (0 self)
- Add to MetaCart
(Show Context)
We introduce TinySec, the first fully-implemented link layer security architecture for wireless sensor networks. In our design, we leverage recent lessons learned from design vulnerabilities in security protocols for other wireless networks such as 802.11b and GSM. Conventional security protocols tend to be conservative in their security guarantees, typically adding 16–32 bytes of overhead. With small memories, weak processors, limited energy, and 30 byte packets, sensor networks cannot afford this luxury. TinySec addresses these extreme resource constraints with careful design; we explore the tradeoffs among different cryptographic primitives and use the inherent sensor network limitations to our advantage when choosing parameters to find a sweet spot for security, packet overhead, and resource requirements. TinySec is portable to a variety of hardware and radio platforms. Our experimental results on a 36 node distributed sensor network application clearly demonstrate that software based link layer protocols are feasible and efficient, adding less than 10 % energy, latency, and bandwidth overhead.
LEAP: Efficient Security Mechanisms for Large-scale Distributed Sensor Networks
, 2003
"... Protocol), a key management protocol for sensor networks that is designed to support in-network processing, while at the same time restricting the security impact of a node compromise to the immediate network neighborhood of the compromised node. The design of the protocol is motivated by the observ ..."
Abstract
-
Cited by 469 (22 self)
- Add to MetaCart
Protocol), a key management protocol for sensor networks that is designed to support in-network processing, while at the same time restricting the security impact of a node compromise to the immediate network neighborhood of the compromised node. The design of the protocol is motivated by the observation that different types of messages exchanged between sensor nodes have different security requirements, and that a single keying mechanism is not suitable for meeting these different security requirements. LEAP supports the establishment of four types of keys for each sensor node – an individual key shared with the base station, a pairwise key shared with another sensor node, a cluster key shared with multiple neighboring nodes, and a group key that is shared by all the nodes in the network. The protocol used for establishing and updating these keys
The Sybil attack in sensor networks: Analysis & Defenses
- THIRD INTERNATIONAL SYMPOSIUM ON INFORMATION PROCESSING IN SENSOR NETWORKS, IPSN, 26 – 27 APRIL 2004 PAGE(S): 259 – 268
, 2004
"... Security is important for many sensor network applications. A particularly harmful attack against sensor and ad hoc networks is known as the Sybil attack [6], where a node illegitimately claims multiple identities. This paper system-atically analyzes the threat posed by the Sybil attack to wireless ..."
Abstract
-
Cited by 392 (1 self)
- Add to MetaCart
Security is important for many sensor network applications. A particularly harmful attack against sensor and ad hoc networks is known as the Sybil attack [6], where a node illegitimately claims multiple identities. This paper system-atically analyzes the threat posed by the Sybil attack to wireless sensor networks. We demonstrate that the attack can be exceedingly detrimental to many important functions of the sensor network such as routing, resource allocation, misbehavior detection, etc. We establish a classification of different types of the Sybil attack, which enables us to bet-ter understand the threats posed by each type, and better design countermeasures against each type. We then propose several novel techniques to defend against the Sybil attack, and analyze their effectiveness quantitatively.
A Key Management Scheme for Wireless Sensor Networks Using Deployment Knowledge
, 2004
"... To achieve security in wireless sensor networks, it is important to be able to encrypt messages sent among sensor nodes. Keys for encryption purposes must be agreed upon by communicating nodes. Due to resource constraints, achieving such key agreement in wireless sensor networks is non-trivial. Many ..."
Abstract
-
Cited by 271 (7 self)
- Add to MetaCart
(Show Context)
To achieve security in wireless sensor networks, it is important to be able to encrypt messages sent among sensor nodes. Keys for encryption purposes must be agreed upon by communicating nodes. Due to resource constraints, achieving such key agreement in wireless sensor networks is non-trivial. Many key agreement schemes used in general networks, such as Diffie-Hellman and public-key based schemes, are not suitable for wireless sensor networks. Pre-distribution of secret keys for all pairs of nodes is not viable due to the large amount of memory used when the network size is large. Recently, a random key predistribution scheme and its improvements have been proposed.
Reputation-based framework for high integrity sensor networks
- In SASN ’04: Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks
, 2004
"... The traditional approach of providing network security has been to borrow tools from cryptography and authentication. However, we argue that the conventional view of security based on cryptography alone is not sufficient for the unique characteristics and novel misbehaviors encountered in sensor net ..."
Abstract
-
Cited by 257 (7 self)
- Add to MetaCart
(Show Context)
The traditional approach of providing network security has been to borrow tools from cryptography and authentication. However, we argue that the conventional view of security based on cryptography alone is not sufficient for the unique characteristics and novel misbehaviors encountered in sensor networks. Fundamental to this is the observation that cryptography cannot prevent malicious or non-malicious insertion of data from internal adversaries or faulty nodes. We believe that in general tools from different domains such as economics, statistics and data analysis will have to be combined with cryptography for the development of trustworthy sensor networks. Following this approach, we propose a reputation-based framework for sensor networks where nodes maintain reputation for other nodes and use it to evaluate their trustworthiness. We will show that this framework provides a scalable, diverse and a generalized approach for countering all types of misbehavior resulting from malicious and faulty nodes. We are currently developing a system within this framework where we employ a Bayesian formulation, specifically a beta reputation system, for reputation representation, updates and integration. We will explain the reasoning behind our design choices, analyzing their pros & cons. We conclude the paper by verifying the efficacy of this system through some preliminary simulation results.
An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks
- IN IEEE SYMPOSIUM ON SECURITY AND PRIVACY
, 2004
"... Sensor networks are often deployed in unattended environments, thus leaving these networks vulnerable to false data injection attacks in which an adversary injects false data into the network with the goal of deceiving the base station or depleting the resources of the relaying nodes. Standard authe ..."
Abstract
-
Cited by 172 (8 self)
- Add to MetaCart
Sensor networks are often deployed in unattended environments, thus leaving these networks vulnerable to false data injection attacks in which an adversary injects false data into the network with the goal of deceiving the base station or depleting the resources of the relaying nodes. Standard authentication mechanisms cannot prevent this attack if the adversary has compromised one or a small number of sensor nodes. In this paper, we present an interleaved hop-by-hop authentication scheme that guarantees that the base station will detect any injected false data packets when no more than a certain number t nodes are compromised. Further, our scheme provides an upper bound B for the number of hops that a false data packet could be forwarded before it is detected and dropped, given that there are up to t colluding compromised nodes. We show that in the worst case B is O(t²). Through performance analysis, we show that our scheme is efficient with respect to the security it provides, and it also allows a tradeoff between security and performance.
TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks
"... Public Key Cryptography (PKC) has been the enabling technology underlying many security services and protocols in traditional networks such as the Internet. In the context of wireless sensor networks, elliptic curve cryptography (ECC), one of the most efficient types of PKC, is being investigated to ..."
Abstract
-
Cited by 146 (1 self)
- Add to MetaCart
(Show Context)
Public Key Cryptography (PKC) has been the enabling technology underlying many security services and protocols in traditional networks such as the Internet. In the context of wireless sensor networks, elliptic curve cryptography (ECC), one of the most efficient types of PKC, is being investigated to provide PKC support in sensor network applications so that the existing PKC-based solutions can be exploited. This paper presents the design, implementation, and evaluation of TinyECC, a configurable library for ECC operations in wireless sensor networks. The primary objective of TinyECC is to provide a ready-to-use, publicly available software package for ECC-based PKC operations that can be flexibly configured and integrated into sensor network applications. TinyECC provides a number of optimization switches, which can turn specific optimizations on or off based on developers ’ needs. Different combinations of the optimizations have different execution time and resource consumptions, giving developers great flexibility in integrating TinyECC into sensor network applications. This paper also reports the experimental evaluation of TinyECC on several common sensor platforms, including MICAz, Tmote Sky, and Imote2. The evaluation results show the impacts of individual optimizations on the execution time and resource consumptions, and give the most computationally efficient and the most storage efficient configuration of TinyECC.
Location-Based Pairwise Key Establishments for Static Sensor Networks
- In 2003 ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN ’03
, 2003
"... Sensor networks are ideal candidates for applications such as target tracking and environment monitoring. Security in sensor networks is critical when there are potential adversaries. Establishment of pairwise keys is a fundamental security service, which forms the basis of other security services s ..."
Abstract
-
Cited by 145 (7 self)
- Add to MetaCart
(Show Context)
Sensor networks are ideal candidates for applications such as target tracking and environment monitoring. Security in sensor networks is critical when there are potential adversaries. Establishment of pairwise keys is a fundamental security service, which forms the basis of other security services such as authentication and encryption. However, establishing pairwise keys in sensor networks is not a trivial task, particularly due to the resource constraints on sensors. This paper presents several techniques for establishing pairwise keys in static sensor networks. These techniques take advantage of the observation that in static sensor networks, although it is difficult to precisely pinpoint sensors' positions, it is often possible to approximately determine their locations. This paper presents a simple location-aware deployment model, and develops two pairwise key predistribution schemes, a closest pairwise keys predistribution scheme and a location-based pairwise keys scheme using bivariate polynomials, by taking advantage of sensors' expected locations. The analysis in this paper indicates that these schemes can achieve better performance if such location information is available and that the smaller the deployment error (i.e., the difference between a sensor's actual location and its expected location) is, the better performance they can achieve.
PIKE: Peer intermediaries for key establishment in sensor networks
- In Proceedings of IEEE Infocom
, 2005
"... Abstract — The establishment of shared cryptographic keys between communicating neighbor nodes in sensor networks is a challenging problem due to the unsuitability of asymmetric key cryptography for these resource-constrained platforms. A range of symmetric-key distribution protocols exist, but thes ..."
Abstract
-
Cited by 141 (2 self)
- Add to MetaCart
(Show Context)
Abstract — The establishment of shared cryptographic keys between communicating neighbor nodes in sensor networks is a challenging problem due to the unsuitability of asymmetric key cryptography for these resource-constrained platforms. A range of symmetric-key distribution protocols exist, but these protocols do not scale effectively to large sensor networks. For a given level of security, each protocol incurs a linearly increasing overhead in either communication cost per node or memory per node. We describe Peer Intermediaries for Key Establishment (PIKE), a class of key-establishment protocols that involves using one or more sensor nodes as a trusted intermediary to facilitate key establishment. We show that, unlike existing key-establishment protocols, both the communication and memory overheads of PIKE protocols scale sub-linearly (O ( √ n)) with the number of nodes in the network yet achieving higher security against node compromise than other protocols. I.
