Results 1 - 10
of
134
LEAP: Efficient Security Mechanisms for Large-scale Distributed Sensor Networks
, 2003
"... Protocol), a key management protocol for sensor networks that is designed to support in-network processing, while at the same time restricting the security impact of a node compromise to the immediate network neighborhood of the compromised node. The design of the protocol is motivated by the observ ..."
Abstract
-
Cited by 469 (22 self)
- Add to MetaCart
Protocol), a key management protocol for sensor networks that is designed to support in-network processing, while at the same time restricting the security impact of a node compromise to the immediate network neighborhood of the compromised node. The design of the protocol is motivated by the observation that different types of messages exchanged between sensor nodes have different security requirements, and that a single keying mechanism is not suitable for meeting these different security requirements. LEAP supports the establishment of four types of keys for each sensor node – an individual key shared with the base station, a pairwise key shared with another sensor node, a cluster key shared with multiple neighboring nodes, and a group key that is shared by all the nodes in the network. The protocol used for establishing and updating these keys
Reputation-based framework for high integrity sensor networks
- In SASN ’04: Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks
, 2004
"... The traditional approach of providing network security has been to borrow tools from cryptography and authentication. However, we argue that the conventional view of security based on cryptography alone is not sufficient for the unique characteristics and novel misbehaviors encountered in sensor net ..."
Abstract
-
Cited by 257 (7 self)
- Add to MetaCart
The traditional approach of providing network security has been to borrow tools from cryptography and authentication. However, we argue that the conventional view of security based on cryptography alone is not sufficient for the unique characteristics and novel misbehaviors encountered in sensor networks. Fundamental to this is the observation that cryptography cannot prevent malicious or non-malicious insertion of data from internal adversaries or faulty nodes. We believe that in general tools from different domains such as economics, statistics and data analysis will have to be combined with cryptography for the development of trustworthy sensor networks. Following this approach, we propose a reputation-based framework for sensor networks where nodes maintain reputation for other nodes and use it to evaluate their trustworthiness. We will show that this framework provides a scalable, diverse and a generalized approach for countering all types of misbehavior resulting from malicious and faulty nodes. We are currently developing a system within this framework where we employ a Bayesian formulation, specifically a beta reputation system, for reputation representation, updates and integration. We will explain the reasoning behind our design choices, analyzing their pros & cons. We conclude the paper by verifying the efficacy of this system through some preliminary simulation results.
PDA: privacy-preserving data aggregation in wireless sensor networks
- IN: PROCEEDINGS OF THE IEEE INFOCOM2007
, 2007
"... Providing efficient data aggregation while preserving data privacy is a challenging problem in wireless sensor networks research. In this paper, we present two privacy-preserving data aggregation schemes for additive aggregation functions. The first scheme – Cluster-based Private Data Aggregation ( ..."
Abstract
-
Cited by 54 (2 self)
- Add to MetaCart
(Show Context)
Providing efficient data aggregation while preserving data privacy is a challenging problem in wireless sensor networks research. In this paper, we present two privacy-preserving data aggregation schemes for additive aggregation functions. The first scheme – Cluster-based Private Data Aggregation (CPDA)– leverages clustering protocol and algebraic properties of polynomials. It has the advantage of incurring less communication overhead. The second scheme – Slice-Mix-AggRegaTe (SMART)– builds on slicing techniques and the associative property of addition. It has the advantage of incurring less computation overhead. The goal of our work is to bridge the gap between collaborative data collection by wireless sensor networks and data privacy. We assess the two schemes by privacy-preservation efficacy, communication overhead, and data aggregation accuracy. We present simulation results of our schemes and compare their performance to a typical data aggregation scheme – TAG, where no data privacy protection is provided. Results show the efficacy and efficiency of our schemes. To the best of our knowledge, this paper is among the first on privacy-preserving data aggregation in wireless sensor networks.
A Randomized, Efficient, and Distributed Protocol for the Detection of Node Replication Attacks in Wireless Sensor Networks
- MOBIHOC'07
, 2007
"... Wireless sensor networks are often deployed in hostile environments, where an adversary can physically capture some of the nodes. Once a node is captured, the attacker can re-program it and replicate the node in a large number of clones, thus easily taking over the network. The detection of node rep ..."
Abstract
-
Cited by 46 (6 self)
- Add to MetaCart
Wireless sensor networks are often deployed in hostile environments, where an adversary can physically capture some of the nodes. Once a node is captured, the attacker can re-program it and replicate the node in a large number of clones, thus easily taking over the network. The detection of node replication attacks in a wireless sensor network is therefore a fundamental problem. A few distributed solutions have recently been proposed. However, these solutions are not satisfactory. First, they are energy and memory demanding: A serious drawback for any protocol that is to be used in resource constrained environment such as a sensor network. Further, they are vulnerable to specific adversary models introduced in this paper. The contributions of this work are threefold. First, we analyze the desirable properties of a distributed mechanism for the detection of node replication attacks. Second, we show that the known solutions for this problem do not completely meet our requirements. Third, we propose a new Randomized, Efficient, and Distributed (RED) protocol for the detection of node replication attacks and we show that it is completely satisfactory with respect to the requirements. Extensive simulations also show that our protocol is highly efficient in communication, memory, and computation, that it sets out an improved attack detection probability compared to the best solutions in the literature, and that it is resistant to the new kind of attacks we introduce in this paper, while other solutions are not.
SIA: secure information aggregation in sensor networks
- Proc. of of ACM SenSys 2003
, 2003
"... ..."
(Show Context)
Realtime detection of clone attacks in wireless sensor networks
- in The 28th International Conference on Distributed Computing Systems (ICDCS 2008
, 2008
"... A central problem in sensor network security is that sen-sors are susceptible to physical capture attacks. Once a sen-sor is compromised, the adversary can easily launch clone attacks by replicating the compromised node, distributing the clones throughout the network, and starting a variety of insid ..."
Abstract
-
Cited by 20 (4 self)
- Add to MetaCart
(Show Context)
A central problem in sensor network security is that sen-sors are susceptible to physical capture attacks. Once a sen-sor is compromised, the adversary can easily launch clone attacks by replicating the compromised node, distributing the clones throughout the network, and starting a variety of insider attacks. Previous works against clone attacks suffer from either a high communication/storage overhead or a poor detection accuracy. In this paper, we propose a novel scheme for detecting clone attacks in sensor net-works, which computes for each sensor a social fingerprint by extracting the neighborhood characteristics, and verifies the legitimacy of the originator for each message by check-ing the enclosed fingerprint. The fingerprint generation is based on the superimposed s-disjunct code, which incurs a very light communication and computation overhead. The fingerprint verification is conducted at both the base sta-tion and the neighboring sensors, which ensures a high de-tection probability. The security and performance analysis indicate that our algorithm can identify clone attacks with a high detection probability at the cost of a low computa-tion/communication/storage overhead. To our best knowl-edge, our scheme is the first to provide realtime detection of clone attacks in an effective and efficient way. 1
Attack Resilient Hierarchical Data Aggregation
- in Sensor Networks,” ACM SASN’06
, 2006
"... In a large sensor network, in-network data aggregation, i.e., com-bining partial results at intermediate nodes during message routing, significantly reduces the amount of communication and hence the energy consumed. Recently several researchers have proposed ro-bust aggregation frameworks, which com ..."
Abstract
-
Cited by 18 (2 self)
- Add to MetaCart
(Show Context)
In a large sensor network, in-network data aggregation, i.e., com-bining partial results at intermediate nodes during message routing, significantly reduces the amount of communication and hence the energy consumed. Recently several researchers have proposed ro-bust aggregation frameworks, which combine multi-path routing schemes with duplicate-insensitive algorithms, to accurately com-pute aggregates (e.g., Sum, Count, Average) in spite of message losses resulting from node and transmission failures. However, these aggregation frameworks have been designed without security in mind. Given the lack of hardware support for tamper-resistance and the unattended nature of sensor nodes, sensor networks are highly vulnerable to node compromises. We show that even if a few compromised nodes contribute false sub-aggregate values, this results in large errors in the aggregate computed at the root of the hierarchy. We present modifications to the aggregation algorithms that guard against such attacks, i.e., we present algorithms for re-silient hierarchical data aggregation despite the presence of com-promised nodes in the aggregation hierarchy. We evaluate the per-formance and costs of our approach via both analysis and simula-tion. Our results show that our approach is scalable and efficient.
Secure Data Aggregation in Wireless Sensor Network: a survey
"... Recent advances in wireless sensor networks (WSNs) have led to many new promising applications including habitat monitoring and target tracking. However, data communication between nodes consumes a large portion of the total energy consumption of the WSNs. Consequently, data aggregation techniques c ..."
Abstract
-
Cited by 18 (1 self)
- Add to MetaCart
Recent advances in wireless sensor networks (WSNs) have led to many new promising applications including habitat monitoring and target tracking. However, data communication between nodes consumes a large portion of the total energy consumption of the WSNs. Consequently, data aggregation techniques can greatly help to reduce the energy consumption by eliminating redundant data traveling back to the base station. The security issues such as data integrity, confidentiality, and freshness in data aggregation become crucial when the WSN is deployed in a remote or hostile environment where sensors are prone to node failures and compromises. There is currently research potential in securing data aggregation in the WSN. With this in mind, the security issues in data aggregation for the WSN will be discussed in this paper. Then, the adversarial model that can be used in any aggregation scheme will be explained. After that, the ”state-of-the-art ” proposed secure data aggregation schemes will be surveyed and then classified into two categories based on the number of aggregator nodes and the existence of the verification phase. Finally, a conceptual framework will be proposed to provide new designs with the minimum security requirements against certain type of adversary. This framework gives a better understanding of those schemes and facilitates the evaluation process.
Improving Sensor Network Immunity under Worm Attacks: a Software Diversity Approach ∗ 1
"... Because of cost and resource constraints, sensor nodes do not have a complicated hardware architecture or operating system to protect program safety. Hence, the notorious buffer-overflow vulnerability that has caused numerous Internet worm attacks could also be exploited to attack sensor networks. W ..."
Abstract
-
Cited by 15 (2 self)
- Add to MetaCart
(Show Context)
Because of cost and resource constraints, sensor nodes do not have a complicated hardware architecture or operating system to protect program safety. Hence, the notorious buffer-overflow vulnerability that has caused numerous Internet worm attacks could also be exploited to attack sensor networks. We call the malicious code that exploits a buffer-overflow vulnerability in a sensor program sensor worm. Clearly, sensor worm will be a serious threat, if not the most dangerous one, when an attacker could simply send a single packet to compromise the entire sensor network. Despite its importance, so far little work has been focused on sensor worms. In this work, we first illustrate the feasibility of launching sensor worms through real experiments on Mica2 motes. Inspired by the survivability through heterogeneity philosophy, we then explore the technique of software diversity to combat sensor worms. Given a limited number of software versions, we design an efficient algorithm to assign the appropriate version of software to each sensor, so that sensor worms are restrained from propagation. We also examine the impact of sensor node deployment errors on worm propagation, which directs the selection of our system parameters based on percolation theory. Finally, extensive analytical and simulation results confirm the effectiveness of our scheme in containing sensor worms.
Secure Cooperative Sensing in IEEE 802.22 WRANs Using Shadow Fading Correlation
- IEEE Trans. Mobile Computing
, 2011
"... Abstract—Cooperative (or distributed) sensing has been recognized as a viable means to enhance the incumbent signal detection by exploiting the diversity of sensors. However, it is challenging to secure such distributed sensing due mainly to the unique features of dynamic spectrum access networks—op ..."
Abstract
-
Cited by 13 (4 self)
- Add to MetaCart
(Show Context)
Abstract—Cooperative (or distributed) sensing has been recognized as a viable means to enhance the incumbent signal detection by exploiting the diversity of sensors. However, it is challenging to secure such distributed sensing due mainly to the unique features of dynamic spectrum access networks—openness of low-layer protocol stacks in software-defined radio devices and the absence of interactions/coordination between primary and secondary devices. To meet this challenge, we propose an attack-tolerant distributed sensing protocol (ADSP) for DTV signal detection in IEEE 802.22 WRANs, under which sensors in close proximity are grouped as a cluster, and sensors within a cluster cooperate to safeguard the integrity of sensing. The heart of ADSP is a novel filter based on shadow-fading correlation, by which the fusion center cross-validates reports from the sensors to identify and penalize abnormal sensing reports. By realizing this correlation filter, ADSP significantly reduces the impact of an attack on the performance of distributed sensing, while incurring minimal processing and communication overheads. ADSP also guarantees the detectability requirements of 802.22 to be met even with the presence of sensing report manipulation attacks by scheduling sensing within the framework of sequential hypothesis testing. The efficacy of ADSP is validated on a realistic 2D shadow-fading field. Our extensive simulation-based study shows that ADSP reduces the false-alarm rate by 99.2 percent while achieving 97.4 percent of maximum achievable detection rate, and meets the detection requirements of IEEE 802.22 in various attack scenarios. Index Terms—Cognitive radio, cooperative sensing, shadowing correlation, attack tolerance, IEEE 802.22, sensing scheduling. Ç 1
