Presence , Intervention , Insertion : Unifying Attack and Failure Models in Wireless Sensor Networks

As assumptions about adversaries critically influence the correctness and efficiency of protocols, they should be as precise as possible. We propose a general framework for attacker models in wirless sensor networks. The framework is modular since it allows to compose basic attacker models by choosing values from three orthogonal dimensions: presence, intervention, and insertion. All choices of basic attacker models form a lattice according to a well-defined weaker-than relation. Sets of such basic attacker models constitute general attacker models. In a sense, our framework unifies behavioral aspects of attacker models from the area of cryptography and fault-tolerance We show that our modeling framework can be used to formulate all relevant attacker models from the literature on sensor networks. We demonstrate the benefits of our framework by showing how it can be used to (1) compare protocols and establish relations between protocols and (2) to make attacker assumptions more precise and find errors in protocols.

[1]  Levente Buttyán,et al.  Provably Secure On-Demand Source Routing in Mobile Ad Hoc Networks , 2006, IEEE Transactions on Mobile Computing.

[2]  John McLean,et al.  A General Theory of Composition for a Class of "Possibilistic'' Properties , 1996, IEEE Trans. Software Eng..

[3]  Susanne Wetzel,et al.  An attacker model for MANET routing security , 2009, WiSec '09.

[4]  Sushil Jajodia,et al.  An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[5]  Adrian Perrig,et al.  Distributed detection of node replication attacks in sensor networks , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[6]  Yih-Chun Hu,et al.  Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks , 2002, MobiCom '02.

[7]  Felix C. Freiling,et al.  On the Composition of Compositional Reasoning , 2004, Architecting Systems with Trustworthy Components.

[8]  Ross J. Anderson,et al.  Key infection: smart trust for smart dust , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[9]  C. Karlof,et al.  Secure routing in wireless sensor networks: attacks and countermeasures , 2003, Proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications, 2003..

[10]  Zinaida Benenson,et al.  Tampering with Motes: Real-World Physical Attacks on Wireless Sensor Networks , 2006, SPC.

[11]  W DijkstraEdsger Self-stabilizing systems in spite of distributed control , 1974 .

[12]  Haiyun Luo,et al.  Statistical en-route filtering of injected false data in sensor networks , 2004, IEEE INFOCOM 2004.

[13]  Bowen Alpern,et al.  Defining Liveness , 1984, Inf. Process. Lett..

[14]  Srdjan Capkun,et al.  Secure Time Synchronization in Sensor Networks , 2008, TSEC.

[15]  Ueli Maurer,et al.  Secure multi-party computation made simple , 2002, Discret. Appl. Math..

[16]  Felix C. Freiling,et al.  Authenticated query flooding in sensor networks , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[17]  Dirk Westhoff,et al.  Concealed Data Aggregation for Reverse Multicast Traffic in Sensor Networks: Encryption, Key Distribution, and Routing Adaptation , 2006, IEEE Transactions on Mobile Computing.

[18]  Claudia Eckert On security models , 1996, SEC.

[19]  John McLean,et al.  Security models and information flow , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[20]  Srdjan Capkun,et al.  Secure positioning of wireless devices with application to sensor networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[21]  Matthias Fitzi,et al.  General Adversaries in Unconditional Multi-party Computation , 1999, ASIACRYPT.

[22]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[23]  Shivakant Mishra,et al.  A Performance Evaluation of Intrusion-Tolerant Routing in Wireless Sensor Networks , 2003, IPSN.

[24]  Anupam Joshi,et al.  Security in Sensor Networks , 2020, Texts in Computer Science.

[25]  Edsger W. Dijkstra,et al.  Self-stabilizing systems in spite of distributed control , 1974, CACM.

[26]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[27]  David A. Wagner,et al.  Resilient aggregation in sensor networks , 2004, SASN '04.

[28]  Dawn Xiaodong Song,et al.  Secure hierarchical in-network aggregation in sensor networks , 2006, CCS '06.

[29]  Donggang Liu,et al.  Attack-Resistant Location Estimation in Wireless Sensor Networks , 2008, TSEC.

[30]  Claudio Soriente,et al.  New adversary and new threats: security in unattended sensor networks , 2009, IEEE Network.

[31]  Felix C. Freiling,et al.  Vulnerabilities and Attacks in Wireless Sensor Networks , 2008 .

[32]  James W. Gray,et al.  Using temporal logic to specify and verify cryptographic protocols , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[33]  Qijun Gu,et al.  Towards self-propagate mal-packets in sensor networks , 2008, WiSec '08.

[34]  Claude Castelluccia,et al.  Code injection attacks on harvard-architecture devices , 2008, CCS.

[35]  Leslie Lamport,et al.  Proving the Correctness of Multiprocess Programs , 1977, IEEE Transactions on Software Engineering.

[36]  Radha Poovendran,et al.  Modeling adaptive node capture attacks in multi-hop wireless networks , 2007, Ad Hoc Networks.

[37]  Felix C. Freiling,et al.  Byzantine Failures and Security: Arbitrary is not (always) Random , 2003, GI Jahrestagung.

[38]  Dawn Xiaodong Song,et al.  SIA: secure information aggregation in sensor networks , 2003, SenSys '03.

[39]  Virgil D. Gligor On the evolution of adversary models in security protocols: from the beginning to sensor networks , 2007, ASIACCS '07.

[40]  Yunghsiang Sam Han,et al.  A pairwise key predistribution scheme for wireless sensor networks , 2005, TSEC.

[41]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[42]  Jörg Schwenk,et al.  Security model and framework for information aggregation in sensor networks , 2009, TOSN.

[43]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[44]  Heiko Mantel,et al.  A generic approach to the security of multi-threaded programs , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[45]  Peng Ning,et al.  TinySeRSync: secure and resilient time synchronization in wireless sensor networks , 2006, CCS '06.

[46]  Timo Warns,et al.  Structural Failure Models for Fault-Tolerant Distributed Computing , 2010, Softwaretechnik-Trends.

[47]  Felix C. Freiling,et al.  Safety, Liveness, and Information Flow: Dependability Revisited , 2006, ARCS Workshops.

[48]  Levente Buttyán,et al.  Modelling adversaries and security objectives for routing protocols in wireless sensor networks , 2006, SASN '06.

[49]  Adrian Perrig,et al.  Efficient security primitives derived from a secure aggregation algorithm , 2008, CCS.

[50]  E. Allen Emerson,et al.  Temporal and Modal Logic , 1991, Handbook of Theoretical Computer Science, Volume B: Formal Models and Sematics.

[51]  Donggang Liu,et al.  Establishing pairwise keys in distributed sensor networks , 2005, TSEC.