Mitigating DOS attacks against signature-based broadcast authentication in wireless sensor networks

Broadcast authentication is a critical security service in wireless sensor networks. There are a number of benefits to provide broadcast authentication with digital signatures, such as immediate authentication capability and the ease of managing cryptographic keys, compared with the alternative of TESLA-based approaches. Though previously considered infeasible, recent results have demonstrated that it is possible to perform public key cryptography on resource constrained sensor nodes efficiently. However, using digital signatures for broadcast authentication still faces a great challenge of denial of service (DoS) attacks: An attacker can inject bogus broadcast packets to force sensor nodes to perform expensive signature verifications, and thus exhaust their limited battery power. This paper presents an efficient mechanism called message specific puzzle to mitigate such DoS attacks. In addition to a digital signature, this approach adds a weak authenticator in each broadcast packet, which can be efficiently verified by a regular sensor node, but takes a computationally powerful attacker a substantial amount of time to forge. Upon receiving a broadcast packet, each sensor node first verifies the weak authenticator, and performs the expensive signature verification operation only when the weak authenticator is valid. A weak authenticator cannot be pre-computed without a non-reusable key disclosed only in a valid broadcast packet. As a result, an attacker cannot start the expensive computation to forge a weak authenticator without seeing a valid broadcast packet. Even if an attacker has sufficient computational resources to forge one or more weak authenticators, it is difficult to reuse these forged weak authenticators. Thus, this weak authentication mechanism substantially increases the difficulty of launching successful DoS attacks against signature verifications. This paper also reports an implementation (called TinySigGuard) of the proposed techniques on TinyOS, as well as the experimental evaluation in a network of MICAz motes.

[1]  Donggang Liu,et al.  Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks , 2002, NDSS.

[2]  Stefano Chessa,et al.  Wireless sensor networks: A survey on the state of the art and the 802.15.4 and ZigBee standards , 2007, Comput. Commun..

[3]  David E. Culler,et al.  The nesC language: A holistic approach to networked embedded systems , 2003, PLDI '03.

[4]  David E. Culler,et al.  SPINS: security protocols for sensor networks , 2001, MobiCom '01.

[5]  Refik Molva,et al.  Efficient Multicast Packet Authentication , 2003, NDSS.

[6]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[7]  B. R. Badrinath,et al.  Ad hoc positioning system (APS) , 2001, GLOBECOM'01. IEEE Global Telecommunications Conference (Cat. No.01CH37270).

[8]  Donggang Liu,et al.  Multilevel μTESLA: Broadcast authentication for distributed sensor networks , 2004, TECS.

[9]  James Newsome,et al.  GEM: Graph EMbedding for routing and data-centric storage in sensor networks without geographic information , 2003, SenSys '03.

[10]  David E. Culler,et al.  System architecture directions for networked sensors , 2000, SIGP.

[11]  Sushil Jajodia,et al.  Practical broadcast authentication in sensor networks , 2005, The Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services.

[12]  Yih-Chun Hu,et al.  Wormhole Detection in Wireless Ad Hoc Networks , 2002 .

[13]  Ran Canetti,et al.  Efficient and Secure Source Authentication for Multicast , 2001, NDSS.

[14]  Ronald L. Rivest,et al.  The MD4 Message-Digest Algorithm , 1990, RFC.

[15]  Jessica Staddon,et al.  Graph-based authentication of digital streams , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[16]  Dawn Xiaodong Song,et al.  Expander graphs for digital stream authentication and robust overlay networks , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[17]  Rosario Gennaro,et al.  How to Sign Digital Streams , 1997, CRYPTO.

[18]  Ian F. Akyildiz,et al.  Wireless sensor networks: a survey , 2002, Comput. Networks.

[19]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[20]  Yu-Chee Tseng,et al.  The Broadcast Storm Problem in a Mobile Ad Hoc Network , 1999, Wirel. Networks.

[21]  Adrian Perrig,et al.  The BiBa one-time signature and broadcast authentication protocol , 2001, CCS '01.

[22]  Mahtab Seddigh,et al.  Dominating Sets and Neighbor Elimination-Based Broadcasting Algorithms in Wireless Networks , 2002, IEEE Trans. Parallel Distributed Syst..

[23]  Markus Jakobsson,et al.  Efficient Constructions for One-Way Hash Chains , 2005, ACNS.

[24]  Edwin K. P. Chong,et al.  Efficient multicast stream authentication using erasure codes , 2003, TSEC.

[25]  Ian F. Blake,et al.  Elliptic Curves in Cryptography: Preface , 1999 .

[26]  Adrian Perrig,et al.  Distillation Codes and Applications to DoS Resistant Multicast Authentication , 2004, NDSS.

[27]  Pekka Nikander,et al.  DOS-resistant authentication with client puzzles. Discussion , 2001 .

[28]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[29]  Brent Waters,et al.  New client puzzle outsourcing techniques for DoS resistance , 2004, CCS '04.

[30]  Tuomas Aura DOS-Resistant Authentication with Client Puzzles (Transcript of Discussion) , 2000, Security Protocols Workshop.

[31]  Ari Juels,et al.  Client puzzles: A cryptographic defense against connection depletion , 1999 .

[32]  Michael K. Reiter,et al.  Mitigating bandwidth-exhaustion attacks using congestion puzzles , 2004, CCS '04.

[33]  Hans Eberle,et al.  Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs , 2004, CHES.

[34]  Yih-Chun Hu Packet Leashes : A Defense against Wormhole Attacks in Wireless Ad Hoc Networks , 2001 .

[35]  K P ChongEdwin,et al.  Efficient multicast stream authentication using erasure codes , 2003 .

[36]  Sanjeev Khanna,et al.  DoS Protection for Reliably Authenticated Broadcast , 2004, NDSS.

[37]  Neil Haller,et al.  The S/KEY One-Time Password System , 1995, RFC.

[38]  Yih-Chun Hu,et al.  Packet leashes: a defense against wormhole attacks in wireless networks , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[39]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.