DP²AC: Distributed Privacy-Preserving Access Control in Sensor Networks

The owner and users of a sensor network may be different, which necessitates privacy-preserving access control. On the one hand, the network owner need enforce strict access control so that the sensed data are only accessible to users willing to pay. On the other hand, users wish to protect their respective data access patterns whose disclosure may be used against their interests. This paper presents DP 2 AC, a Distributed Privacy- Preserving Access Control scheme for sensor networks, which is the first work of its kind. Users in DP 2 AC purchase tokens from the network owner whereby to query data from sensor nodes which will reply only after validating the tokens. The use of blind signatures in token generation ensures that tokens are publicly verifiable yet unlinkable to user identities, so privacy- preserving access control is achieved. A central component in DP 2 AC is to prevent malicious users from reusing tokens. We propose a suite of distributed techniques for token-reuse detection (TRD) and thoroughly compare their performance with regard to TRD capability, communication overhead, storage overhead, and attack resilience. The efficacy and efficiency of DP 2 AC are confirmed by detailed performance evaluations.

[1]  Xue Liu,et al.  PDA: Privacy-Preserving Data Aggregation in Wireless Sensor Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[2]  Jaap-Henk Hoepman,et al.  Distributed Double Spending Prevention , 2007, Security Protocols Workshop.

[3]  Leonard E. Miller,et al.  Distribution of Link Distances in a Wireless Network , 2001, Journal of research of the National Institute of Standards and Technology.

[4]  Hans Eberle,et al.  Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs , 2004, CHES.

[5]  Yang Yu,et al.  Query privacy in wireless sensor networks , 2007, 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[6]  Richard P. Martin,et al.  A security and robustness performance analysis of localization algorithms to signal strength attacks , 2009, TOSN.

[7]  Peter Desnoyers,et al.  TSAR: a two tier sensor storage architecture using interval skip graphs , 2005, SenSys '05.

[8]  Ivan Stojmenovic,et al.  Routing with Guaranteed Delivery in Ad Hoc Wireless Networks , 2001, Wirel. Networks.

[9]  David E. Culler,et al.  Securing the Deluge network programming system , 2006, 2006 5th International Conference on Information Processing in Sensor Networks.

[10]  Sencun Zhu,et al.  Least privilege and privilege deprivation: towards tolerating mobile sink compromises in wireless sensor networks , 2005, MobiHoc '05.

[11]  Yuguang Fang,et al.  Location-based compromise-tolerant security mechanisms for wireless sensor networks , 2006, IEEE Journal on Selected Areas in Communications.

[12]  Zinaida Benenson,et al.  Access control in wireless sensor networks , 2008 .

[13]  Qun Li,et al.  Distributed User Access Control in Sensor Networks , 2006, DCOSS.

[14]  Robert H. Deng,et al.  A novel privacy preserving authentication and access control scheme for pervasive computing environments , 2006, IEEE Transactions on Vehicular Technology.

[15]  Nancy A. Lynch,et al.  A Reliable Broadcast Scheme for Sensor Networks , 2003 .

[16]  Sencun Zhu,et al.  pDCS: Security and Privacy Support for Data-Centric Sensor Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[17]  Jie Gao,et al.  Double Rulings for Information Brokerage in Sensor Networks , 2006, IEEE/ACM Transactions on Networking.

[18]  Donggang Liu,et al.  Establishing pairwise keys in distributed sensor networks , 2005, TSEC.

[19]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[20]  Bo Sheng,et al.  Data storage placement in sensor networks , 2006, MobiHoc '06.

[21]  Wenjing Lou,et al.  Multi-user Broadcast Authentication in Wireless Sensor Networks , 2007, 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[22]  David Evans,et al.  Localization for mobile sensor networks , 2004, MobiCom '04.

[23]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[24]  Dan Boneh,et al.  TWENTY YEARS OF ATTACKS ON THE RSA CRYPTOSYSTEM , 1999 .

[25]  Qun Li,et al.  Efficient Implementation of Public Key Cryptosystems on Mote Sensors (Short Paper) , 2006, ICICS.

[26]  B. R. Badrinath,et al.  Routing on a curve , 2003, CCRV.

[27]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[28]  Roberto Di Pietro,et al.  A randomized, efficient, and distributed protocol for the detection of node replication attacks in wireless sensor networks , 2007, MobiHoc '07.

[29]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[30]  Sushil Jajodia,et al.  Efficient Distributed Detection of Node Replication Attacks in Sensor Networks , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[31]  Sarvar Patel,et al.  Efficient authentication and key distribution in wireless IP networks , 2003, IEEE Wireless Communications.

[32]  Paul Malliavin,et al.  Stochastic Analysis , 1997, Nature.

[33]  Donggang Liu,et al.  Efficient and distributed access control for sensor networks , 2007, Wirel. Networks.

[34]  Sushil Jajodia,et al.  LEAP+: Efficient security mechanisms for large-scale distributed sensor networks , 2006, TOSN.

[35]  Nicholas Hopper,et al.  Combating Double-Spending Using Cooperative P2P Systems , 2007, 27th International Conference on Distributed Computing Systems (ICDCS '07).

[36]  K. Nahrstedt,et al.  iPDA: An integrity-protecting private data aggregation scheme for wireless sensor networks , 2008, MILCOM 2008 - 2008 IEEE Military Communications Conference.

[37]  Peng Ning,et al.  Mitigating DoS attacks against broadcast authentication in wireless sensor networks , 2008, TOSN.

[38]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[39]  Ivan Stojmenovic,et al.  A scalable quorum-based location service in ad hoc and sensor networks , 2008 .

[40]  Adrian Perrig,et al.  Distributed detection of node replication attacks in sensor networks , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[41]  Brad Karp,et al.  GPSR : Greedy Perimeter Stateless Routing for Wireless , 2000, MobiCom 2000.