LEDS: Providing Location-Aware End-to-End Data Security in Wireless Sensor Networks

Providing desirable data security, that is, confidentiality, authenticity, and availability, in wireless sensor networks (WSNs) is challenging, as a WSN usually consists of a large number of resource-constrained sensor nodes that are generally deployed in unattended or hostile environments and, hence, are exposed to many types of severe insider attacks due to node compromise. Existing security designs mostly provide a hop-by-hop security paradigm and thus are vulnerable to such attacks. Furthermore, existing security designs are also vulnerable to many types of denial-of-service (DoS) attacks, such as report disruption attacks and selective forwarding attacks, and thus put data availability at stake. In this paper, we seek to overcome these vulnerabilities for large-scale static WSNs. We propose a location-aware end-to-end security framework in which secret keys are bound to geographic locations and each node stores a few keys based on its own location. This location-aware property effectively limits the impact of compromised nodes to their vicinity without affecting end-to-end data security. The proposed multifunctional key management framework assures both node-to-sink and node-to-node authentication along the report forwarding routes. Moreover, the proposed data delivery approach guarantees efficient en-route bogus data filtering and is highly robust against DoS attacks. The evaluation demonstrates that the proposed design is highly resilient against an increasing number of compromised nodes and effective in energy savings.

[38]  Wenjing Lou, et al.  LEDS: Providing Location-Aware End-to-End Data Security in Wireless Sensor Networks, 2008, IEEE Trans. Mob. Comput.
