Results 1 - 10 of 48
Sensor network security: A survey
- IEEE Commun. Surveys Tutorials, 2009
Cited by 57 (0 self)
Abstract—Wireless sensor networks (WSNs) use small nodes with constrained capabilities to sense, collect, and disseminate information in many types of applications. As sensor networks become widespread, security issues become a central concern, especially in mission-critical tasks. In this paper, we identify the threats and vulnerabilities to WSNs and summarize the defense methods based on the networking protocol layer analysis first. Then we give a holistic overview of security issues. These issues are divided into seven categories: cryptography, key management, attack detections and preventions, secure routing, secure location security, secure data fusion, and other security issues. Along the way we analyze the advantages and disadvantages of
Mitigating control-channel jamming attacks in multi-channel ad hoc networks
- Proc. of the Second ACM Conf. on Wireless Network Security, WiSec
Cited by 48 (7 self)
We address the problem of control-channel jamming attacks in multi-channel ad hoc networks. Deviating from the traditional view that sees jamming attacks as a physical-layer vulnerability, we consider a sophisticated adversary who exploits knowledge of the protocol mechanics along with cryptographic quantities extracted from compromised nodes to maximize the impact of his attack on higher-layer functions. We propose new security metrics that quantify the ability of the adversary to deny access to the control channel, and the overall delay incurred in re-establishing the control channel. We also propose a randomized distributed scheme that allows nodes to establish a new control channel using frequency hopping. Our method differs from classic frequency hopping in that no two nodes share the same hopping sequence, thus mitigating the impact of node compromise. Furthermore, a compromised node is uniquely identified through its hop sequence, leading to its isolation from any future information regarding the frequency location of the control channel.
TinyPBC: Pairings for authenticated identity-based non-interactive key distribution in sensor networks
- In Networked Sensing Systems, 2008. INSS 2008. 5th International Conference on, 2008
Cited by 34 (4 self)
Abstract — Key distribution in Wireless Sensor Networks (WSNs) is challenging. Symmetric cryptosystems can perform it efficiently, but they often do not provide a perfect trade-off between resilience and storage. Further, even though conventional public key and elliptic curve cryptosystems are computationally feasible on sensor nodes, protocols based on them are not. They require exchange and storage of large keys and certificates, which is expensive. Using Pairing-based Cryptography (PBC) protocols, conversely, parties can agree on keys without any interaction. In this work, we (i) show how security in WSNs can be bootstrapped using an authenticated identity-based non-interactive protocol and (ii) present TinyPBC, to our knowledge, the most efficient implementation of PBC primitives for an 8-bit processor. TinyPBC is able to compute pairings in about 5.5s on an ATmega128L clocked at 7.3828-MHz (the MICA2 and MICAZ node microcontroller).
Body Sensor Network Security: An Identity-Based Cryptography Approach
- 2008
Cited by 19 (1 self)
A body sensor network (BSN) is a network of sensors deployed on a person’s body, usually for health care monitoring. Since the sensors collect personal medical data, security and privacy are important components in a body sensor network. At the same time, the collected data has to be readily available in the event of an emergency. In this paper, we present IBE-Lite, a lightweight identity-based encryption suitable for sensors, and develop protocols based on IBE-Lite for a BSN.
Identity-based encryption for sensor networks
- In 5th IEEE Int’l Conference on Pervasive Computing and Communications Workshops (PERCOMW ’07), 2007
Cited by 18 (3 self)
In spite of several years of intense research, the area of security and cryptography in Wireless Sensor Networks (WSNs) still has a number of open problems. On the other hand, the advent of Identity-Based Encryption (IBE) has enabled a wide range of new cryptographic solutions. In this work, we argue that IBE is ideal for WSNs and vice versa. We discuss the synergy between the systems, describe how IBE can solve the key agreement problem in WSNs, and present some estimates of performance.
iPAK: an in-situ pairwise key bootstrapping scheme for wireless sensor networks
- IEEE Transactions on Parallel and Distributed Systems, 2006
Cited by 13 (4 self)
Wireless Sensor Networks (WSNs) are characterized by resource constraints and large scalability. Many applications of WSN require secure communication, a crucial component especially in hostile environments. However, the low computational capability and small storage budget within sensors render many popular public-key based cryptographic systems impractical. Symmetric key cryptography, on the other hand, is attractive due to efficiency. Nevertheless, establishing a shared key for communicating parties is a challenging problem. In this paper, we propose and analyze an in-situ PAirwise Key bootstrapping scheme (iPAK) for large-scale WSNs. Our theoretical analysis and simulation study demonstrate that iPAK can achieve high key-sharing probability between neighboring sensors and strong resilience against node capture attacks at the cost of a low storage overhead.
Secure and highly-available aggregation queries in large-scale sensor networks via set sampling
- In ACM/IEEE IPSN, 2009
Cited by 12 (3 self)
Wireless sensor networks are often queried for aggregates such as predicate count, sum, and average. In untrusted environments, sensors may potentially be compromised. Existing approaches for securely answering aggregation queries in untrusted sensor networks can detect whether the aggregation result is corrupted by an attacker. However, the attacker (controlling the compromised sensors) can keep corrupting the result, rendering the system unavailable. This paper aims to enable aggregation queries to tolerate instead of just detecting the adversary. To this end, we propose a novel tree sampling algorithm that directly uses sampling to answer aggregation queries. It leverages a novel set sampling technique to overcome a key and well-known obstacle in sampling — traditional sampling technique is only effective when the predicate count or sum is large. Set sampling can efficiently sample a set of sensors together, and determine whether any sensor in the set satisfies the predicate (but not how many). With set sampling as a building block, tree sampling can provably generate a correct answer despite adversarial interference, while without the drawbacks of traditional sampling techniques.
SMOCK: A Scalable Method of Cryptographic Key Management For Mission-Critical Networks
Cited by 12 (2 self)
Abstract — Mission-critical networks show great potential in emergency response and/or recovery, health care, critical infrastructure monitoring, etc. Such mission-critical applications demand security service be “anywhere”, “anytime” and “anyhow”. However, it is challenging to design a key management scheme in current mission-critical networks to fulfill the required attributes of secure communications, such as data integrity, authentication, confidentiality, non-repudiation and service availability. In this paper, we present a self-contained public key management scheme, called SMOCK, which achieves almost zero communication overhead for authentication, and offers high service availability. In our scheme, a small number of cryptographic keys are stored off-line at individual nodes before they are deployed in the network. To provide good scalability in terms of number of nodes and storage space, we utilize a combinatorial design of public-private key pairs, which means nodes combine more than one key pair to encrypt and decrypt messages. We also show that SMOCK provides controllable resilience when malicious nodes compromise a limited number of nodes before key revocation and renewal.
Authentication protocols for ad hoc networks: taxonomy and research issues
- In Q2SWinet ’05: Proceedings of the 1st ACM international workshop on Quality of service & security in wireless and mobile networks, 2005
Cited by 12 (2 self)
Ad hoc networks, such as sensor and mobile ad hoc networks, must overcome a myriad of security challenges to realize their potential in both civil and military applications. Typically, ad hoc networks are deployed in untrusted environments. Consequently, authentication is a precursor to any secure interactions in these networks. Recently, numerous authentication protocols have been proposed for ad hoc networks. To date, there is no common framework to evaluate these protocols. Towards developing such a framework, this paper proposes a generic authentication process and a new taxonomy that clarifies similarities and differences among authentication protocols reported in the literature. The taxonomy is based upon the role of nodes in the authentication function, establishment of credentials, and type of credentials. We also motivate the need for an authentication management architecture and discuss some open research issues.
Efficient Security Primitives Derived from a Secure Aggregation Algorithm
- CCS'08, 2008
Cited by 9 (2 self)
By functionally decomposing a specific algorithm (the hierarchical secure aggregation algorithm of Chan et al. [3] and Frikken et al. [7]), we uncover a useful general functionality which we use to generate various efficient network security primitives, including: a signature scheme ensuring authenticity, integrity and non-repudiation for arbitrary node-to-node communications; an efficient broadcast authentication algorithm not requiring time synchronization; a scheme for managing public keys in a sensor network without requiring any asymmetric cryptographic operations to verify the validity of public keys, and without requiring nodes to maintain node revocation lists. Each of these applications uses the same basic data aggregation primitive and thus have O(log n) congestion performance and require only that symmetric secret keys are shared between each node and the base station. We thus observe the fact that the optimizations developed in the application area of secure aggregation can feed back into creating more optimized versions of highly general, basic security functions.