Containing denial-of-service attacks in broadcast authentication in sensor networks

Broadcast authentication is an important application in sensor networks. Public Key Cryptography (PKC) is desirable for this application, but because sensor nodes are resource-constrained, PKC operations are expensive. Sensor networks using PKC are therefore susceptible to Denial of Service (DoS) attacks: attackers keep broadcasting bogus messages, which incur extra costs and thus exhaust the energy of the honest nodes. In addition, the long time needed to verify each message using PKC increases the response time of the nodes; it is impractical for the nodes to validate each incoming message before forwarding it. In this paper we discuss this type of DoS attack, in which the goal of the adversary is to exhaust the energy of the sensor nodes and to increase their response time to broadcast messages. We then present a dynamic window scheme, in which sensor nodes decide for themselves whether to verify a message first or to forward it first. The decision is based on information such as how far the node is from the malicious attacker and how many hops the incoming message has passed. We compare the performance of the proposed scheme with other schemes, and show that it can contain the damage of DoS attacks to only a small portion of the sensor nodes.
