Distributed Privacy-Preserving Access Control in Sensor Networks

The owner and users of a sensor network may be different, which necessitates privacy-preserving access control. On the one hand, the network owner need enforce strict access control so that the sensed data are only accessible to users willing to pay. On the other hand, users wish to protect their respective data access patterns whose disclosure may be used against their interests. This paper presents DP2AC, a Distributed Privacy-Preserving Access Control scheme for sensor networks, which is the first work of its kind. Users in DP2AC purchase tokens from the network owner whereby to query data from sensor nodes which will reply only after validating the tokens. The use of blind signatures in token generation ensures that tokens are publicly verifiable yet unlinkable to user identities, so privacy-preserving access control is achieved. A central component in DP2AC is to prevent malicious users from reusing tokens, for which we propose a suite of distributed token reuse detection (DTRD) schemes without involving the base station. These schemes share the essential idea that a sensor node checks with some other nodes (called witnesses) whether a token has been used, but they differ in how the witnesses are chosen. We thoroughly compare their performance with regard to TRD capability, communication overhead, storage overhead, and attack resilience. The efficacy and efficiency of DP2AC are confirmed by detailed performance evaluations.

[1]  Kui Ren,et al.  DP²AC: Distributed Privacy-Preserving Access Control in Sensor Networks , 2009, IEEE INFOCOM 2009.

[2]  Nicholas Hopper,et al.  Combating Double-Spending Using Cooperative P2P Systems , 2007, 27th International Conference on Distributed Computing Systems (ICDCS '07).

[3]  Bo Sheng,et al.  Data storage placement in sensor networks , 2006, MobiHoc '06.

[4]  Wenjing Lou,et al.  Multi-user Broadcast Authentication in Wireless Sensor Networks , 2007, 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[5]  Roberto Di Pietro,et al.  A randomized, efficient, and distributed protocol for the detection of node replication attacks in wireless sensor networks , 2007, MobiHoc '07.

[6]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[7]  K. Nahrstedt,et al.  iPDA: An integrity-protecting private data aggregation scheme for wireless sensor networks , 2008, MILCOM 2008 - 2008 IEEE Military Communications Conference.

[8]  Dandan Liu,et al.  A Scalable Quorum Based Location Service in Ad Hoc and Sensor Networks , 2006, 2006 IEEE International Conference on Mobile Ad Hoc and Sensor Systems.

[9]  Ivan Stojmenovic,et al.  A scalable quorum-based location service in ad hoc and sensor networks , 2008 .

[10]  Peng Ning,et al.  Mitigating DoS attacks against broadcast authentication in wireless sensor networks , 2008, TOSN.

[11]  Donggang Liu,et al.  Efficient and distributed access control for sensor networks , 2007, Wirel. Networks.

[12]  Adrian Perrig,et al.  Distributed detection of node replication attacks in sensor networks , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[13]  Peter Desnoyers,et al.  TSAR: a two tier sensor storage architecture using interval skip graphs , 2005, SenSys '05.

[14]  Robert H. Deng,et al.  A novel privacy preserving authentication and access control scheme for pervasive computing environments , 2006, IEEE Transactions on Vehicular Technology.

[15]  David Evans,et al.  Localization for mobile sensor networks , 2004, MobiCom '04.

[16]  Ivan Stojmenovic,et al.  Routing with Guaranteed Delivery in Ad Hoc Wireless Networks , 1999, DIALM '99.

[17]  Xue Liu,et al.  PDA: Privacy-Preserving Data Aggregation in Wireless Sensor Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[18]  Sarvar Patel,et al.  Efficient authentication and key distribution in wireless IP networks , 2003, IEEE Wireless Communications.

[19]  Jaap-Henk Hoepman,et al.  Distributed Double Spending Prevention , 2007, Security Protocols Workshop.

[20]  Yang Yu,et al.  Query privacy in wireless sensor networks , 2007, 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[21]  Paul Malliavin,et al.  Stochastic Analysis , 1997, Nature.

[22]  Sencun Zhu,et al.  Least privilege and privilege deprivation: towards tolerating mobile sink compromises in wireless sensor networks , 2005, MobiHoc '05.

[23]  Qun Li,et al.  Distributed User Access Control in Sensor Networks , 2006, DCOSS.

[24]  Nancy A. Lynch,et al.  A Reliable Broadcast Scheme for Sensor Networks , 2003 .

[25]  Sencun Zhu,et al.  pDCS: Security and Privacy Support for Data-Centric Sensor Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[26]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[27]  Jie Gao,et al.  Double Rulings for Information Brokerage in Sensor Networks , 2006, IEEE/ACM Transactions on Networking.

[28]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[29]  William M. McEneaney,et al.  Stochastic Analysis, Control, Optimization and Applications: A Volume in Honor of W.H. Fleming , 2012 .

[30]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[31]  Qun Li,et al.  Efficient Implementation of Public Key Cryptosystems on Mote Sensors (Short Paper) , 2006, ICICS.

[32]  Yuguang Fang,et al.  Access control in wireless sensor networks , 2007, Ad Hoc Networks.

[33]  Leonard E. Miller,et al.  Distribution of Link Distances in a Wireless Network , 2001, Journal of research of the National Institute of Standards and Technology.

[34]  Richard P. Martin,et al.  A security and robustness performance analysis of localization algorithms to signal strength attacks , 2009, TOSN.

[35]  Sushil Jajodia,et al.  Efficient Distributed Detection of Node Replication Attacks in Sensor Networks , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[36]  Dan Boneh,et al.  TWENTY YEARS OF ATTACKS ON THE RSA CRYPTOSYSTEM , 1999 .

[37]  B. R. Badrinath,et al.  Routing on a curve , 2003, CCRV.