Scalable, Cluster-based Anti-replay Protection for Wireless Sensor Networks

Large-scale wireless sensor network (WSN) deployments show great promise for military, homeland security, and many other applications. This promise, however, is offset by important security concerns. The resource constraints that typify wireless sensor devices make traditional security solutions impractical. One threat to secure sensor networks is the replay attack, in which packets are captured and replayed into the network. This type of attack can be perpetrated to confuse observers or to mount a denial-of-service or denial-of-sleep attack. Traditional techniques for anti-replay protection are too resource intensive for large-scale WSN deployments. While techniques for reducing data transmission overhead of WSN-speciflc anti-replay mechanisms have been explored, the important problem of minimizing per-node reply table storage requirements has not been addressed. This paper introduces Clustered Anti-Replay Protection or CARP, which leverages sensor network clustering to place a limit on the amount of memory required to store anti-replay information. We show that clustering keeps the memory required for anti-replay tables manageable, reducing the size from 30% of a Mica2's memory to 4.4% for a 200-node network. While the advantages of this technique are clear, the difficulty lies in securely updating network-wide anti-replay tables when the network reclusters, an event that must happen routinely to distribute energy consumption across the nodes in the network. Our mechanism distributes necessary anti-replay information in a secure, low-overhead, and completely distributed manner. We further show the energy-consumption overhead of adding anti-replay counters to network traffic across several WSN medium access control (MAC) protocols and two representative WSN platforms. On the Mica2 platform, overheads range from a 0% to 1.32% decrease in network lifetime, depending on the MAC protocol. On the Tmote Sky, overheads range from 0% to 4.64%. Providing anti-replay support in a secure, scalable, and distributed way is necessary to the overall security of future WSN deployments if they are to meet current expectations.

[1]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[2]  Wendi Heinzelman,et al.  Proceedings of the 33rd Hawaii International Conference on System Sciences- 2000 Energy-Efficient Communication Protocol for Wireless Microsensor Networks , 2022 .

[3]  David E. Culler,et al.  SPINS: Security Protocols for Sensor Networks , 2001, MobiCom '01.

[4]  Peng Ning,et al.  Secure Distributed Cluster Formation in Wireless Sensor Networks , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[5]  Elaine Shi,et al.  Designing secure sensor networks , 2004, IEEE Wireless Communications.

[6]  Adrian Perrig,et al.  ACE: An Emergent Algorithm for Highly Uniform Cluster Formation , 2004, EWSN.

[7]  Deborah Estrin,et al.  Proceedings of the 5th Symposium on Operating Systems Design and Implementation Fine-grained Network Time Synchronization Using Reference Broadcasts , 2022 .

[8]  David A. Wagner,et al.  TinySec: a link layer security architecture for wireless sensor networks , 2004, SenSys '04.

[9]  Ossama Younis,et al.  HEED: a hybrid, energy-efficient, distributed clustering approach for ad hoc sensor networks , 2004, IEEE Transactions on Mobile Computing.

[10]  Gregory J. Pottie,et al.  Protocols for self-organization of a wireless sensor network , 2000, IEEE Wirel. Commun..

[11]  Deborah Estrin,et al.  Medium access control with coordinated adaptive sleeping for wireless sensor networks , 2004, IEEE/ACM Transactions on Networking.

[12]  David E. Culler,et al.  Versatile low power media access for wireless sensor networks , 2004, SenSys '04.

[13]  IV NathanielJ.Davis,et al.  Wireless sensor network energy-adaptive mac protocol , 2006, CCNC 2006. 2006 3rd IEEE Consumer Communications and Networking Conference, 2006..

[14]  J. Elson,et al.  Fine-grained network time synchronization using reference broadcasts , 2002, OSDI '02.

[15]  M. Brownfield,et al.  Effects of Denial of Sleep Attacks on Wireless Sensor Network MAC Protocols , 2006, 2006 IEEE Information Assurance Workshop.

[16]  N. Pissinou,et al.  A framework for trust-based cluster head election in wireless sensor networks , 2006, Second IEEE Workshop on Dependability and Security in Sensor Networks and Systems.

[17]  Anish Arora,et al.  Antireplay Protocols for Sensor Networks , 2005, Handbook on Theoretical and Algorithmic Aspects of Sensor, Ad Hoc Wireless, and Peer-to-Peer Networks.

[18]  Koen Langendoen,et al.  An adaptive energy-efficient MAC protocol for wireless sensor networks , 2003, SenSys '03.

[19]  Yang Xiao,et al.  Security services and enhancements in the IEEE 802.15.4 wireless sensor networks , 2005, GLOBECOM '05. IEEE Global Telecommunications Conference, 2005..

[20]  David A. Wagner,et al.  Security considerations for IEEE 802.15.4 networks , 2004, WiSe '04.