Results 1 - 10
of
46
LEAP: Efficient Security Mechanisms for Large-scale Distributed Sensor Networks
, 2003
"... Protocol), a key management protocol for sensor networks that is designed to support in-network processing, while at the same time restricting the security impact of a node compromise to the immediate network neighborhood of the compromised node. The design of the protocol is motivated by the observ ..."
Abstract
-
Cited by 469 (22 self)
- Add to MetaCart
(Show Context)
Protocol), a key management protocol for sensor networks that is designed to support in-network processing, while at the same time restricting the security impact of a node compromise to the immediate network neighborhood of the compromised node. The design of the protocol is motivated by the observation that different types of messages exchanged between sensor nodes have different security requirements, and that a single keying mechanism is not suitable for meeting these different security requirements. LEAP supports the establishment of four types of keys for each sensor node – an individual key shared with the base station, a pairwise key shared with another sensor node, a cluster key shared with multiple neighboring nodes, and a group key that is shared by all the nodes in the network. The protocol used for establishing and updating these keys
SDAP: A secure hop-by-hop data aggregation protocol for sensor networks
, 2008
"... Hop-by-hop data aggregation is a very important technique for reducing the communication overhead and energy expenditure of sensor nodes during the process of data collection in a sensor network. However, because individual sensor readings are lost in the per-hop aggregation process, compromised nod ..."
Abstract
-
Cited by 134 (10 self)
- Add to MetaCart
(Show Context)
Hop-by-hop data aggregation is a very important technique for reducing the communication overhead and energy expenditure of sensor nodes during the process of data collection in a sensor network. However, because individual sensor readings are lost in the per-hop aggregation process, compromised nodes in the network may forge false values as the aggregation results of other nodes, tricking the base station into accepting spurious aggregation results. Here a fundamental challenge is how can the base station obtain a good approximation of the fusion result when a fraction of sensor nodes are compromised? To answer this challenge, we propose SDAP, a Secure Hop-by-hop Data Aggregation Protocol for sensor networks. SDAP is a general-purpose secure data aggregation protocol applicable to multiple aggregation functions. The design of SDAP is based on the principles of divide-andconquer and commit-and-attest. First, SDAP uses a novel probabilistic grouping technique to dynamically partition the nodes in a tree topology into multiple logical groups (subtrees) of similar sizes. A commitment-based hop-by-hop aggregation is performed in each group to generate a group aggregate. The base station then identifies the suspicious groups based on the set of group aggregates. Finally, each group under suspect participates in an attestation process to prove the
Towards Statistically Strong Source Anonymity for Sensor Networks
- In IEEE INFOCOM
, 2008
"... Abstract—For sensor networks deployed to monitor and report real events, event source anonymity is an attractive and critical security property, which unfortunately is also very difficult and expensive to achieve. This is not only because adversaries may attack against sensor source privacy through ..."
Abstract
-
Cited by 59 (10 self)
- Add to MetaCart
(Show Context)
Abstract—For sensor networks deployed to monitor and report real events, event source anonymity is an attractive and critical security property, which unfortunately is also very difficult and expensive to achieve. This is not only because adversaries may attack against sensor source privacy through traffic analysis, but also because sensor networks are very limited in resources. As such, a practical tradeoff between security and performance is desirable. In this paper, for the first time we propose the notion of statistically strong source anonymity, under a challenging attack model where a global attacker is able to monitor the traffic in the entire network. We propose a scheme called FitProbRate, which realizes statistically strong source anonymity for sensor networks. We also demonstrate the robustness of our scheme under various statistical tests that might be employed by the attacker to detect real events. Our analysis and simulation results show that our scheme, besides providing source anonymity, can significantly reduce real event reporting latency compared to two baseline schemes. Index Terms—security and privacy, source anonymity, statistical test, SPRT, sensor networks I.
Dependable and Secure Sensor Data Storage with Dynamic Integrity Assurance
- Proc. IEEE INFOCOM, Apr. 2009. 684 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL
, 2011
"... Abstract—Recently, distributed data storage has gained in-creasing popularity for efficient and robust data management in wireless sensor networks (WSNs). But the distributed architecture also makes it challenging to build a highly secure and dependable yet lightweight data storage system. On the on ..."
Abstract
-
Cited by 40 (9 self)
- Add to MetaCart
(Show Context)
Abstract—Recently, distributed data storage has gained in-creasing popularity for efficient and robust data management in wireless sensor networks (WSNs). But the distributed architecture also makes it challenging to build a highly secure and dependable yet lightweight data storage system. On the one hand, sensor data are subject to not only Byzantine failures, but also dynamic pollu-tion attacks, as along the time the adversary may modify/pollute the stored data by compromising individual sensors. On the other hand, the resource-constrained nature of WSNs precludes the applicability of heavyweight security designs. To address the challenges, we propose a novel dependable and secure data storage scheme with dynamic integrity assurance in this paper. Based on the principle of secret sharing and erasure coding, we first propose a hybrid share generation and distribution scheme to achieve reliable and fault-tolerant initial data storage by providing redundancy for original data components. To further dynamically ensure the integrity of the distributed data shares, we then propose an efficient data integrity verification scheme exploiting the technique of algebraic signatures. The proposed scheme enables individual sensors to verify in one protocol execution all the pertaining data shares simultaneously in the absence of the original data. Extensive security and performance analysis shows that the proposed schemes have strong resistance against various attacks and are practical for WSNs. I.
Secure range queries in tiered sensor networks
- in Proc. IEEE INFOCOM, 2009,pp
"... Abstract—We envision a two-tier sensor network which consists of resource-rich master nodes at the upper tier and resource-poor sensor nodes at the lower tier. Master nodes collect data from sensor nodes and answer the queries from the network owner. The reliance on master nodes for data storage and ..."
Abstract
-
Cited by 25 (6 self)
- Add to MetaCart
(Show Context)
Abstract—We envision a two-tier sensor network which consists of resource-rich master nodes at the upper tier and resource-poor sensor nodes at the lower tier. Master nodes collect data from sensor nodes and answer the queries from the network owner. The reliance on master nodes for data storage and query processing raises concerns about both data confidentiality and query-result correctness in hostile environments. In particular, a compromised master node may leak hosted sensitive data to the adversary; it may also return juggled or incomplete data in response to a query. This paper presents a novel spatiotemporal crosscheck approach to ensure secure range queries in event-driven two-tier sensor networks. It offers data confidentiality by preventing master nodes from reading hosted data and also enables efficient range-query processing. More importantly, it allows the network owner to verify with very high probability whether a query result is authentic and complete by examining the spatial and temporal relationships among the returned data. The high efficacy and efficiency of our approach are confirmed by detailed performance evaluations. I.
Mobility Reduces Uncertainty in MANETs
- In INFOCOM 2007. 26th IEEE International Conference on Computer Communications. IEEE
, 1946
"... Abstract — Evaluating and quantifying trust stimulates collaboration in mobile ad hoc networks (MANETs). Many existing reputation systems sharply divide the trust value into right or wrong, thus ignore another core dimension of trust: uncertainty. As uncertainty deeply impacts a node’s anticipation ..."
Abstract
-
Cited by 20 (2 self)
- Add to MetaCart
(Show Context)
Abstract — Evaluating and quantifying trust stimulates collaboration in mobile ad hoc networks (MANETs). Many existing reputation systems sharply divide the trust value into right or wrong, thus ignore another core dimension of trust: uncertainty. As uncertainty deeply impacts a node’s anticipation of others’ behavior and decisions during interaction, we include uncertainty in the reputation system. Specifically, we use an uncertainty metric to directly reflect a node’s confidence in the sufficiency of its past experience, and study how the collection of trust information may affect uncertainty in nodes ’ opinions. Higher uncertainty leads to higher transaction cost and reduced acceptance of communication and cooperation. After defining a way to reveal and compute the uncertainty in trust opinions, we exploit mobility, one of the important characteristics of MANETs, to efficiently reduce uncertainty and to speed up trust convergence. A two-level Mobility Assisted Uncertainty Reduction Scheme (MAURS) that offers controllable trade-off between time and cost to achieve a trust a convergence objective is also provided. Extensive analytical and simulation results are presented to support our proposal.
Comparing symmetric-key and public-key based security schemes in sensor networks: a case study of user access control In:
- IEEE ICDCS,
, 2008
"... ..."
(Show Context)
Fdac: Toward fine-grained distributed data access control in wireless sensor networks
- IEEE Transactions on Parallel and Distributed Systems
, 2011
"... Abstract—Distributed sensor data storage and retrieval have gained increasing popularity in recent years for supporting various applications. While distributed architecture enjoys a more robust and fault-tolerant wireless sensor network (WSN), such architecture also poses a number of security challe ..."
Abstract
-
Cited by 18 (2 self)
- Add to MetaCart
(Show Context)
Abstract—Distributed sensor data storage and retrieval have gained increasing popularity in recent years for supporting various applications. While distributed architecture enjoys a more robust and fault-tolerant wireless sensor network (WSN), such architecture also poses a number of security challenges especially when applied in mission-critical applications such as battlefield and e-healthcare. First, as sensor data are stored and maintained by individual sensors and unattended sensors are easily subject to strong attacks such as physical compromise, it is significantly harder to ensure data security. Second, in many mission-critical applications, fine-grained data access control is a must as illegal access to the sensitive data may cause disastrous results and/or be prohibited by the law. Last but not least, sensor nodes usually are resource-constrained, which limits the direct adoption of expensive cryptographic primitives. To address the above challenges, we propose, in this paper, a distributed data access control scheme that is able to enforce fine-grained access control over sensor data and is resilient against strong attacks such as sensor compromise and user colluding. The proposed scheme exploits a novel cryptographic primitive called attribute-based encryption (ABE), tailors, and adapts it for WSNs with respect to both performance and security requirements. The feasibility of the scheme is demonstrated by experiments on real sensor platforms. To our best knowledge, this paper is the first to realize distributed fine-grained data access control for WSNs. Index Terms—Data access control, wireless sensor network, distributed storage, attribute-based encryption. Ç
Secure multidimensional range queries in sensor networks
- In Proceedings of the ACM International Symposium on Mobile Ad Hoc Networking and Computing, Hong Kong
, 2009
"... Most future large-scale sensor networks are expected to follow a two-tier architecture which consists of resource-rich master nodes at the upper tier and resource-poor sensor nodes at the lower tier. Sensor nodes submit data to nearby master nodes which then an-swer the queries from the network owne ..."
Abstract
-
Cited by 18 (6 self)
- Add to MetaCart
(Show Context)
Most future large-scale sensor networks are expected to follow a two-tier architecture which consists of resource-rich master nodes at the upper tier and resource-poor sensor nodes at the lower tier. Sensor nodes submit data to nearby master nodes which then an-swer the queries from the network owner on behalf of sensor nodes. Relying on master nodes for data storage and query processing raises severe concerns about data confidentiality and query-result correctness when the sensor network is deployed in hostile environ-ments. In particular, a compromised master node may leak hosted sensitive data to the adversary; it may also return juggled or incom-plete query results to the network owner. This paper, for the first time in the literature, presents a suite of novel schemes to secure multidimensional range queries in tiered sensor networks. The pro-posed schemes can ensure data confidentiality against master nodes and also enable the network owner to verify with very high proba-bility the authenticity and completeness of any query result by in-specting the spatial and temporal relationships among the returned data. Detailed performance evaluations confirm the high efficacy and efficiency of the proposed schemes.
Distributed User Access Control in Sensor Networks
- In IEEE International Conference on Distributed Computing in Sensor Systems (DCOSS
, 2006
"... Abstract. User access control in sensor networks defines a process of granting user the access right to the information and resources. It is essential for the future real sensor network deployment in which sensors may provide users with different services in terms of data and resource access. A cent ..."
Abstract
-
Cited by 16 (8 self)
- Add to MetaCart
(Show Context)
Abstract. User access control in sensor networks defines a process of granting user the access right to the information and resources. It is essential for the future real sensor network deployment in which sensors may provide users with different services in terms of data and resource access. A centralized access control mechanism requires base station to be involved whenever a user requests to get authenticated and access the information stored in the sensor node, which is inefficient, not scalable, and is exposed to many potential attacks along the long communication path. In this paper, we propose a distributed user access control under a realistic adversary model in which sensors can be compromised and user may collude. We split the access control into local authentication conducted by the sensors physically close to the user, and a light remote authentication based on the endorsement of the local sensors. Elliptic Curve Cryptography (ECC), a public key cryptography scheme, is used for local authentication. We implement the access control protocols on a testbed of TelosB motes. Our analysis and experimental results show that our scheme is feasible for real access control requirement. 1
