Containing bogus packet insertion attacks for broadcast authentication in sensor networks

Broadcast is a critical communication primitive in wireless sensor networks. The multihop nature of sensor networks makes it necessary for sensor nodes to forward broadcast messages so that the messages can reach an entire network. Authentication of broadcast messages is an important but challenging problem in sensor networks. Public key cryptography (PKC) has been used recently to address this problem. However, PKC-based authentication techniques are susceptible to bogus packet insertion attacks in which attackers keep broadcasting bogus messages and force resource-constrained sensor nodes to forward such messages. Moreover, because it takes time to do signature verifications, it is impractical for each node to authenticate every received message before forwarding it. In this article, we propose a dynamic window scheme to thwart the aforementioned bogus packet insertion attacks which permits sensor nodes to efficiently broadcast messages. Within this scheme, a sensor node has the ability to determine whether or not to verify an incoming message before forwarding the message. We further study the property of this dynamic window scheme and investigate the best strategy for thwarting bogus packet insertion attacks. We propose three strategies for finding the optimal parameters by an improved additive increase multiplicative decrease (AIMD) window updating function so that the proposed dynamic window scheme can achieve the best overall performance with respect to the authentication and forwarding times of messages. Numerical validations show that our proposed scheme performs very well in terms of energy saving and broadcast delays based on three different metrics, including average authentication delays, the percentage of nodes receiving fake messages, and the percentage of nodes forwarding fake messages.

[1]  Refik Molva,et al.  Efficient Multicast Packet Authentication , 2003, NDSS.

[2]  P. Ning,et al.  Multi-Level μ TESLA : Broadcast Authentication for Distributed Sensor Networks , 2004 .

[3]  Dawn Xiaodong Song,et al.  Expander graphs for digital stream authentication and robust overlay networks , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[4]  Yang Richard Yang,et al.  General AIMD congestion control , 2000, Proceedings 2000 International Conference on Network Protocols.

[5]  Rosario Gennaro,et al.  How to Sign Digital Streams , 1997, Inf. Comput..

[6]  Elaine Shi,et al.  Detection of denial-of-message attacks on sensor network broadcasts , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[7]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[8]  Sushil Jajodia,et al.  Practical broadcast authentication in sensor networks , 2005, The Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services.

[9]  Sanjeev Khanna,et al.  DoS Protection for Reliably Authenticated Broadcast , 2004, NDSS.

[10]  Hans Eberle,et al.  Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs , 2004, CHES.

[11]  Chieh-Yih Wan,et al.  CODA: congestion detection and avoidance in sensor networks , 2003, SenSys '03.

[12]  Leonid Reyzin,et al.  Better than BiBa: Short One-Time Signatures with Fast Signing and Verifying , 2002, ACISP.

[13]  Donggang Liu,et al.  Multilevel μTESLA: Broadcast authentication for distributed sensor networks , 2004, TECS.

[14]  Peng Ning,et al.  Mitigating DoS attacks against broadcast authentication in wireless sensor networks , 2008, TOSN.

[15]  Scott F. Midkiff,et al.  Denial-of-Service in Wireless Sensor Networks: Attacks and Defenses , 2008, IEEE Pervasive Computing.

[16]  Yih-Chun Hu Packet Leashes : A Defense against Wormhole Attacks in Wireless Ad Hoc Networks , 2001 .

[17]  Rosario Gennaro,et al.  How to Sign Digital Streams , 1997, CRYPTO.

[18]  Ramesh Govindan,et al.  Interference-aware fair rate control in wireless sensor networks , 2006, SIGCOMM.

[19]  Adrian Perrig,et al.  Distillation Codes and Applications to DoS Resistant Multicast Authentication , 2004, NDSS.

[20]  Jessica Staddon,et al.  Graph-based authentication of digital streams , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[21]  E. Rasmussen Games and Information , 1989 .

[22]  Shivakant Mishra,et al.  Defending against path-based DoS attacks in wireless sensor networks , 2005, SASN '05.

[23]  Edwin K. P. Chong,et al.  Efficient multicast stream authentication using erasure codes , 2003, TSEC.

[24]  Yih-Chun Hu,et al.  Wormhole attacks in wireless networks , 2006, IEEE Journal on Selected Areas in Communications.

[25]  Ran Canetti,et al.  Efficient and Secure Source Authentication for Multicast , 2001, NDSS.

[26]  David E. Culler,et al.  A transmission control scheme for media access in sensor networks , 2001, MobiCom '01.

[27]  Adrian Perrig,et al.  The BiBa one-time signature and broadcast authentication protocol , 2001, CCS '01.

[28]  Raj Jain,et al.  Analysis of the Increase and Decrease Algorithms for Congestion Avoidance in Computer Networks , 1989, Comput. Networks.

[29]  Yih-Chun Hu,et al.  Packet leashes: a defense against wormhole attacks in wireless networks , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[30]  J.A. Stankovic,et al.  Denial of Service in Sensor Networks , 2002, Computer.