Constrained Function-Based Message Authentication for Sensor Networks

Sensor networks are vulnerable to false data injection attack and path-based denial of service (PDoS) attack. While conventional authentication schemes are insufficient for solving these security conflicts, an en-route filtering scheme, enabling each forwarding node to check the authenticity of the received message, acts as a defense against these two attacks. To construct an efficient en-route filtering scheme, this paper first presents a Constrained Function-based message Authentication (CFA) scheme, which can be thought of as a hash function directly supporting the en-route filtering functionality. Obviously, the crux of the scheme lies on the design of guaranteeing each sensor to have en-route filtering capability. Together with the redundancy property of sensor networks, which means that an event can be simultaneously observed by multiple sensor nodes, the devised CFA scheme is used to construct a CFA-based en-route filtering (CFAEF) scheme. In addition to the resilience against false data injection and PDoS attacks, CFAEF is inherently resilient against false endorsement-based DoS attack. In contrast to most of the existing methods, which rely on complicated security associations among sensor nodes, our design, which directly exploits an en-route filtering hash function, appears to be novel. We examine the CFA and CFAEF schemes from both the theoretical and numerical aspects to demonstrate their efficiency and effectiveness. Moreover, prototype implementation on TelosB mote demonstrates the practicality of our proposed method.

[1]  Srdjan Capkun,et al.  Wormhole-Based Anti-Jamming Techniques in Sensor Networks , 2007 .

[2]  Srdjan Capkun,et al.  Wormhole-Based Antijamming Techniques in Sensor Networks , 2007, IEEE Transactions on Mobile Computing.

[3]  Bülent Yener,et al.  Combinatorial Design of Key Distribution Mechanisms for Wireless Sensor Networks , 2004, IEEE/ACM Transactions on Networking.

[4]  Chun-Shien Lu,et al.  A DoS-resilient en-route filtering scheme for sensor networks , 2009, MobiHoc '09.

[5]  Sviatoslav Voloshynovskiy,et al.  Watermark copy attack , 2000, Electronic Imaging.

[6]  Rachel Cardell-Oliver,et al.  A Reactive Soil Moisture Sensor Network: Design and Field Evaluation , 2005, Int. J. Distributed Sens. Networks.

[7]  C. Karlof,et al.  Secure routing in wireless sensor networks: attacks and countermeasures , 2003, Proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications, 2003..

[8]  Shivakant Mishra,et al.  Defending against path-based DoS attacks in wireless sensor networks , 2005, SASN '05.

[9]  Sencun Zhu,et al.  Least privilege and privilege deprivation: towards tolerating mobile sink compromises in wireless sensor networks , 2005, MobiHoc '05.

[10]  Jun Yang,et al.  Many-to-Many Aggregation for Sensor Networks , 2007, 2007 IEEE 23rd International Conference on Data Engineering.

[11]  P. Ning,et al.  Multi-Level μ TESLA : Broadcast Authentication for Distributed Sensor Networks , 2004 .

[12]  Donggang Liu,et al.  Multilevel μTESLA: Broadcast authentication for distributed sensor networks , 2004, TECS.

[13]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[14]  Vladik Kreinovich,et al.  Greedy algorithms for optimizing multivariate Horner schemes , 2004, SIGS.

[15]  Vipul Gupta,et al.  Energy analysis of public-key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications.

[16]  Yuguang Fang,et al.  Location-based compromise-tolerant security mechanisms for wireless sensor networks , 2006, IEEE Journal on Selected Areas in Communications.

[17]  Zhi Li,et al.  Constructing Secure Content-Dependent Watermarking Scheme using Homomorphic Encryption , 2007, 2007 IEEE International Conference on Multimedia and Expo.

[18]  G. Hardy,et al.  Asymptotic formulae in combinatory analysis , 1918 .

[19]  Chun-Shien Lu,et al.  Noninteractive Pairwise Key Establishment for Sensor Networks , 2010, IEEE Transactions on Information Forensics and Security.

[20]  Haifeng Yu Secure and highly-available aggregation queries in large-scale sensor networks via set sampling , 2009, 2009 International Conference on Information Processing in Sensor Networks.

[21]  TsengYu-Chee,et al.  The coverage problem in a wireless sensor network , 2005 .

[22]  Christoph Krauß,et al.  STEF: A Secure Ticket-Based En-route Filtering Scheme for Wireless Sensor Networks , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[23]  Haiyun Luo,et al.  Statistical en-route filtering of injected false data in sensor networks , 2004, IEEE INFOCOM 2004.

[24]  Dawn Xiaodong Song,et al.  Secure hierarchical in-network aggregation in sensor networks , 2006, CCS '06.

[25]  Yunghsiang Sam Han,et al.  A key predistribution scheme for sensor networks using deployment knowledge , 2006, IEEE Transactions on Dependable and Secure Computing.

[26]  Guiling Wang,et al.  Lightweight and Compromise-Resilient Message Authentication in Sensor Networks , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[27]  Chun-Shien Lu,et al.  A Constrained Function Based Message Authentication Scheme for Sensor Networks , 2009, 2009 IEEE Wireless Communications and Networking Conference.

[28]  Yih-Chun Hu,et al.  Wormhole attacks in wireless networks , 2006, IEEE Journal on Selected Areas in Communications.

[29]  Fang Liu,et al.  SBK: A Self-Configuring Framework for Bootstrapping Keys in Sensor Networks , 2008, IEEE Transactions on Mobile Computing.

[30]  Thomas F. La Porta,et al.  Movement-assisted sensor deployment , 2004, IEEE INFOCOM 2004.

[31]  Yong Wang,et al.  A survey of security issues in wireless sensor networks , 2006, IEEE Communications Surveys & Tutorials.

[32]  Berk Sunar,et al.  Comparison of Bit and Word Level Algorithms for Evaluating Unstructured Functions over Finite Rings , 2005, CHES.

[33]  Jianzhong Li,et al.  Grouping-Based Resilient Statistical En-Route Filtering for Sensor Networks , 2009, IEEE INFOCOM 2009.

[34]  Wei Wang,et al.  Coverage in Hybrid Mobile Sensor Networks , 2008, IEEE Transactions on Mobile Computing.

[35]  Donggang Liu,et al.  Establishing pairwise keys in distributed sensor networks , 2005, TSEC.

[36]  Sushil Jajodia,et al.  An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[37]  Wenjing Lou,et al.  LEDS: Providing Location-Aware End-to-End Data Security in Wireless Sensor Networks , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[38]  Yu-Chee Tseng,et al.  The Coverage Problem in a Wireless Sensor Network , 2003, WSNA '03.

[39]  Songwu Lu,et al.  Commutative cipher based en-route filtering in wireless sensor networks , 2004, IEEE 60th Vehicular Technology Conference, 2004. VTC2004-Fall. 2004.

[40]  Dharma P. Agrawal,et al.  Intrusion Detection in Homogeneous and Heterogeneous Wireless Sensor Networks , 2008, IEEE Transactions on Mobile Computing.

[41]  Christoph Krauß,et al.  Defending against false-endorsement-based dos attacks in wireless sensor networks , 2008, WiSec '08.

[42]  Ting Yuan,et al.  KAEF: An En-route Scheme of Filtering False Data in Wireless Sensor Networks , 2008, 2008 IEEE International Performance, Computing and Communications Conference.

[43]  Michael D. Smith,et al.  Implementing public-key infrastructure for sensor networks , 2008, TOSN.

[44]  Peng Ning,et al.  2008 International Conference on Information Processing in Sensor Networks TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks ∗ , 2022 .

[45]  G. Hardy,et al.  Asymptotic Formulaæ in Combinatory Analysis , 1918 .

[46]  Mukesh Singhal,et al.  Security in wireless sensor networks , 2008, Wirel. Commun. Mob. Comput..

[47]  U. N. Okorafor,et al.  Security and Privacy for Distributed Multimedia Sensor Networks , 2008, Proceedings of the IEEE.

[48]  Jonathan Katz,et al.  Attacking cryptographic schemes based on "perturbation polynomials" , 2009, CCS.

[49]  William A. Arbaugh,et al.  Toward resilient security in wireless sensor networks , 2005, MobiHoc '05.

[50]  Wei Hong,et al.  Exploiting correlated attributes in acquisitional query processing , 2005, 21st International Conference on Data Engineering (ICDE'05).

[51]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[52]  Yong Guan,et al.  A Dynamic En-route Filtering Scheme for Data Reporting in Wireless Sensor Networks , 2010, IEEE/ACM Transactions on Networking.

[53]  Kenneth E. Barner,et al.  Sensor Data Cryptography in Wireless Sensor Networks , 2008, IEEE Transactions on Information Forensics and Security.

[54]  Moti Yung,et al.  Perfectly Secure Key Distribution for Dynamic Conferences , 1992, Inf. Comput..

[55]  C.-S. Lu,et al.  Near-Optimal Watermark Estimation and Its Countermeasure: Antidisclosure Watermark for Multiple Watermark Embedding , 2007, IEEE Transactions on Circuits and Systems for Video Technology.

[56]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[57]  Donggang Liu,et al.  Pre-authentication filters: providing dos resistance for signature-based broadcast authentication in sensor networks , 2008, WiSec '08.