A Framework for Identifying Compromised Nodes in Sensor Networks

Sensor networks are often subject to physical attacks. Once a node's cryptographic key is compromised, an attacker may completely impersonate it, and introduce arbitrary false information into the network. Basic cryptographic security mechanisms are often not effective in this situation. Most techniques to address this problem focus on detecting and tolerating false information introduced by compromised nodes. They cannot pinpoint exactly where the false information is introduced and who is responsible for it. We still lack effective techniques to accurately identify compromised nodes so that they can be excluded from a sensor network once and for all. In this paper, we propose an application-independent framework for identifying compromised sensor nodes. The framework provides an appropriate abstraction of application-specific detection mechanisms, and models the unique properties of sensor networks. Based on the framework, we develop alert reasoning algorithms to identify compromised nodes. The algorithm assumes that compromised nodes may collude at will. We show that our algorithm is optimal in the sense that it identifies the largest number of compromised nodes without introducing false positives. We evaluate the effectiveness of the designed algorithm through comprehensive experiments

[1]  Rajeev Motwani,et al.  The PageRank Citation Ranking : Bringing Order to the Web , 1999, WWW 1999.

[2]  David E. Culler,et al.  SPINS: security protocols for sensor networks , 2001, MobiCom '01.

[3]  Hector Garcia-Molina,et al.  EigenRep: Reputation Management in P2P Networks , 2003 .

[4]  Seungjoon Lee,et al.  Cooperative peer groups in NICE , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[5]  Karl Aberer,et al.  Managing trust in a peer-2-peer information system , 2001, CIKM '01.

[6]  Peng Ning,et al.  LAD: localization anomaly detection for wireless sensor networks , 2005, 19th IEEE International Parallel and Distributed Processing Symposium.

[7]  Dawn Xiaodong Song,et al.  SIA: secure information aggregation in sensor networks , 2003, SenSys '03.

[8]  Shivakant Mishra,et al.  Security support for in-network processing in Wireless Sensor Networks , 2003, SASN '03.

[9]  Donggang Liu,et al.  Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks , 2005, 25th IEEE International Conference on Distributed Computing Systems (ICDCS'05).

[10]  Lingxuan Hu,et al.  Secure aggregation for wireless networks , 2003, 2003 Symposium on Applications and the Internet Workshops, 2003. Proceedings..

[11]  Yunghsiang Sam Han,et al.  A witness-based approach for data fusion assurance in wireless sensor networks , 2003, GLOBECOM '03. IEEE Global Telecommunications Conference (IEEE Cat. No.03CH37489).

[12]  Yunghsiang Sam Han,et al.  A pairwise key pre-distribution scheme for wireless sensor networks , 2003, CCS '03.

[13]  Krishan K. Sabnani,et al.  The Comparison Approach to Multiprocessor Fault Diagnosis , 1987, IEEE Transactions on Computers.

[14]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[15]  Donggang Liu,et al.  Establishing pairwise keys in distributed sensor networks , 2005, TSEC.

[16]  Ivan Stojmenovic,et al.  Routing with Guaranteed Delivery in Ad Hoc Wireless Networks , 1999, DIALM '99.

[17]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[18]  GERNOT METZE,et al.  On the Connection Assignment Problem of Diagnosable Systems , 1967, IEEE Trans. Electron. Comput..

[19]  Mani B. Srivastava,et al.  Reputation-based framework for high integrity sensor networks , 2004, SASN '04.

[20]  Dawn Song,et al.  SIA: Secure information aggregation in sensor networks , 2007, J. Comput. Secur..

[21]  Deborah Estrin,et al.  Highly-resilient, energy-efficient multipath routing in wireless sensor networks , 2001, MOCO.

[22]  Ling Liu,et al.  Building Trust in Decentralized Peer-to-Peer Electronic Communities , 2002 .

[23]  Yukio Shibata,et al.  (t, k)-Diagnosable System: A Generalization of the PMC Models , 2003, IEEE Trans. Computers.

[24]  Sushil Jajodia,et al.  An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[25]  Munindar P. Singh,et al.  An evidential model of distributed reputation management , 2002, AAMAS '02.

[26]  Silvio Micali,et al.  An O(v|v| c |E|) algoithm for finding maximum matching in general graphs , 1980, 21st Annual Symposium on Foundations of Computer Science (sfcs 1980).

[27]  Matthew Richardson,et al.  Trust Management for the Semantic Web , 2003, SEMWEB.

[28]  L. Mui,et al.  A computational model of trust and reputation , 2002, Proceedings of the 35th Annual Hawaii International Conference on System Sciences.

[29]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[30]  Qing Zhang,et al.  A Classification Scheme for Trust Functions in Reputation-Based Trust Management , 2004, Trust@ISWC.

[31]  Donggang Liu,et al.  Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks , 2002, NDSS.

[32]  B SrivastavaMani,et al.  Reputation-based framework for high integrity sensor networks , 2008 .

[33]  Shivakant Mishra,et al.  A Robust and Light-Weight Routing Mechanism for Wireless Sensor Networks , 2004 .