Secure Event Reporting Protocol for Sense-Response Applications

Sense-response applications are widely being used for safeguarding critical infrastructure. In such applications, the sensor nodes detect and report events of interest to the base-station which promptly responds with a physical response. A concern that arises immediately is regarding the ability of the sensor nodes to encounter malicious entities that benefit from any form of damage to the critical infrastructure. Due to the lack of physical security and tamper resistant hardware around the sensor nodes, adversaries can easily compromise them, recover their embedded cryptographic material, and subsequently make them pose as authorized nodes in the network. Such compromised nodes can now launch an attack on the network to either suppress the reporting of genuine events or inject false events to the base-station, thereby rendering the entire system useless. We describe a Secure Event Reporting Protocol (SERP) for sense-response applications which ensures the generation and delivery of valid event reports in the presence of internal attacks launched by compromised nodes within the network. SERP exploits the redundancy and the mutual oversight within a group of nodes triggered by an event to generate an event report which is authenticated by a subset of these nodes. The protocol depends upon the presence of pairwise cryptographic keys between two nodes detecting a common event. We also propose a scalable post deployment mechanism for establishing these keys in the network. Our scheme exploits the Physical Attributes of the sensor nodes for Key Establishment and is referred to as PAKE. We have developed a prototype implementation of SERP and PAKE mechanisms for Mica2 motes and conducted several experiments to evaluate the overall system resiliency to attacks by internally compromised nodes. The obtained results show that SERP generates event report securely and efficiently.

[1]  Sencun Zhu,et al.  Poster Abstract : LEAP – Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks , 2003 .

[2]  J.A. Stankovic,et al.  Denial of Service in Sensor Networks , 2002, Computer.

[3]  David E. Culler,et al.  SPINS: Security Protocols for Sensor Networks , 2001, MobiCom '01.

[4]  Ross J. Anderson,et al.  Key infection: smart trust for smart dust , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[5]  Guoliang Xing,et al.  Integrated coverage and connectivity configuration in wireless sensor networks , 2003, SenSys '03.

[6]  Haiyun Luo,et al.  Statistical en-route filtering of injected false data in sensor networks , 2004, IEEE INFOCOM 2004.

[7]  Saurabh Ganeriwal,et al.  Timing-sync protocol for sensor networks , 2003, SenSys '03.

[8]  Stefano Basagni,et al.  Secure pebblenets , 2001, MobiHoc '01.

[9]  Dawn Xiaodong Song,et al.  SIA: secure information aggregation in sensor networks , 2003, SenSys '03.

[10]  Elaine Shi,et al.  The Sybil attack in sensor networks: analysis & defenses , 2004, Third International Symposium on Information Processing in Sensor Networks, 2004. IPSN 2004.

[11]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[12]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[13]  Shivakant Mishra,et al.  A Performance Evaluation of Intrusion-Tolerant Routing in Wireless Sensor Networks , 2003, IPSN.