Statistical En-route Detection and Filtering of Injected False Data in Sensor Networks

In a large-scale sensor network, individual sensors are subject to security compromises. A compromised node can inject bogus sensing reports into the network. If undetected, these bogus reports would be forwarded to the data collection point (i.e., the sink). Such attacks by compromised sensors can cause not only false alarms but also the depletion of the finite amount of energy in a battery-powered network. In this paper we present a Statistical En-route Filtering (SEF) mechanism that can detect and drop such false reports. SEF requires that each sensing report be validated by multiple keyed message authentication codes (MACs), each generated by a node that detects the same event. As the report is forwarded, each node along the way verifies the correctness of the MACs probabilistically and drops those with invalid MACs at the earliest points. The sink further filters out remaining false reports that escape the en-route filtering. SEF exploits the network scale to determine the truthfulness of each report through collective decision-making by multiple detecting nodes and collective false-report detection by multiple forwarding nodes. Our analysis and simulations show that, with an overhead of 14 bytes per report, SEF is able to drop 80-90% of the reports falsely injected by a compromised node within 10 forwarding hops.
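A small simulation of the filtering idea described in the abstract, added here as an illustration and not code from the paper. The partitioned key pool, the parameter values, the 4-byte truncated HMAC and all function names are assumptions of this example.

```python
import hashlib, hmac, random
# Assumed layout: N_PART partitions of PART_SIZE keys; each node is pre-loaded with
# NODE_KEYS keys from one partition; a report carries T MACs from T partitions.
N_PART, PART_SIZE, NODE_KEYS, T = 10, 10, 5, 5

def mac(idx, event):
    key = hashlib.sha256(b"constructed-pool-key-%d" % idx).digest()  # constructed key pool
    return hmac.new(key, event, hashlib.sha256).digest()[:4]         # truncated MAC

def node_keys(rng):
    """Key indices held by one node (also all a single compromised node knows)."""
    p = rng.randrange(N_PART)
    return set(rng.sample(range(p * PART_SIZE, (p + 1) * PART_SIZE), NODE_KEYS))

def detecting_group(rng):
    """One key from each of T partitions: what T honest detecting nodes contribute."""
    return {p * PART_SIZE + rng.randrange(PART_SIZE) for p in rng.sample(range(N_PART), T)}

def build_report(event, held, rng):
    """Attach T (key index, MAC) pairs; partitions with no held key get a made-up MAC."""
    own = {i // PART_SIZE: i for i in held}
    others = [p for p in range(N_PART) if p not in own]
    macs = []
    for p in (sorted(own) + rng.sample(others, len(others)))[:T]:
        if p in own:
            macs.append((own[p], mac(own[p], event)))
        else:
            idx = p * PART_SIZE + rng.randrange(PART_SIZE)
            macs.append((idx, bytes(rng.randrange(256) for _ in range(4))))
    return event, macs

def forwarder_accepts(report, held):
    """En-route check: verify only the MACs whose key this node happens to hold."""
    event, macs = report
    if len({i // PART_SIZE for i, _ in macs}) != T:
        return False  # must carry T MACs from T distinct partitions
    return all(hmac.compare_digest(tag, mac(i, event)) for i, tag in macs if i in held)

def sink_accepts(report):  # the sink knows the whole pool, so it checks every MAC
    return forwarder_accepts(report, set(range(N_PART * PART_SIZE)))

def dropped_within(hops, source, trials=2000, seed=1):
    """Fraction of reports from `source` dropped by one of `hops` random forwarders."""
    rng, dropped = random.Random(seed), 0
    for _ in range(trials):
        report = build_report(b"constructed event at (12,7)", source(rng), rng)
        dropped += any(not forwarder_accepts(report, node_keys(rng)) for _ in range(hops))
    return dropped / trials
```

With these assumed parameters a forwarder holds a key for one of the four made-up MACs with probability 0.4 × 0.5 = 0.2 per hop, so about 1 − 0.8^10 ≈ 89% of forged reports are dropped within 10 hops, and the sink rejects the rest.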
