Location-based compromise-tolerant security mechanisms for wireless sensor networks

Node compromise is a serious threat to wireless sensor networks deployed in unattended and hostile environments. To mitigate the impact of compromised nodes, we propose a suite of location-based compromise-tolerant security mechanisms. Based on a new cryptographic concept called pairing, we propose the notion of location-based keys (LBKs) by binding private keys of individual nodes to both their IDs and geographic locations. We then develop an LBK-based neighborhood authentication scheme to localize the impact of compromised nodes to their vicinity. We also present efficient approaches to establish a shared key between any two network nodes. In contrast to previous key establishment solutions, our approaches feature nearly perfect resilience to node compromise, low communication and computation overhead, low memory requirements, and high network scalability. Moreover, we demonstrate the efficacy of LBKs in counteracting several notorious attacks against sensor networks such as the Sybil attack, the identity replication attack, and wormhole and sinkhole attacks. Finally, we propose a location-based threshold-endorsement scheme, called LTE, to thwart the infamous bogus data injection attack, in which adversaries inject lots of bogus data into the network. The utility of LTE in achieving remarkable energy savings is validated by detailed performance evaluation.

[1]  Sushil Jajodia,et al.  LEAP+: Efficient security mechanisms for large-scale distributed sensor networks , 2006, TOSN.

[2]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[3]  Haiyun Luo,et al.  Statistical en-route filtering of injected false data in sensor networks , 2005, IEEE J. Sel. Areas Commun..

[4]  Mukesh Singhal,et al.  Security in wireless sensor networks , 2008, Wirel. Commun. Mob. Comput..

[5]  Sushil Jajodia,et al.  An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[6]  A. Shamm Identity-based cryptosystems and signature schemes , 1985 .

[7]  Michael D. Smith,et al.  A public-key infrastructure for key distribution in TinyOS based on elliptic curve cryptography , 2004, 2004 First Annual IEEE Communications Society Conference on Sensor and Ad Hoc Communications and Networks, 2004. IEEE SECON 2004..

[8]  Michael Scott,et al.  Computing the Tate Pairing , 2005, CT-RSA.

[9]  Radha Poovendran,et al.  SeRLoc: secure range-independent localization for wireless sensor networks , 2004, WiSe '04.

[10]  Yunghsiang Sam Han,et al.  A pairwise key pre-distribution scheme for wireless sensor networks , 2003, CCS '03.

[11]  Jerry Zhao,et al.  Habitat monitoring: application driver for wireless communications technology , 2001, CCRV.

[12]  Peng Ning,et al.  LAD: localization anomaly detection for wireless sensor networks , 2005, 19th IEEE International Parallel and Distributed Processing Symposium.

[13]  Paulo S. L. M. Barreto,et al.  Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[14]  Yuguang Fang,et al.  Secure localization in wireless sensor networks , 2005, MILCOM 2005 - 2005 IEEE Military Communications Conference.

[15]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[16]  Liqun Chen,et al.  Identity based authenticated key agreement protocols from pairings , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[17]  Deep Medhi,et al.  Location-aware key management scheme for wireless sensor networks , 2004, SASN '04.

[18]  Brad Karp,et al.  GPSR : Greedy Perimeter Stateless Routing for Wireless , 2000, MobiCom 2000.

[19]  Paulo S. L. M. Barreto,et al.  On the Selection of Pairing-Friendly Groups , 2003, Selected Areas in Cryptography.

[20]  Florian Hess,et al.  Efficient Identity Based Signature Schemes Based on Pairings , 2002, Selected Areas in Cryptography.

[21]  Stefano Basagni,et al.  Secure pebblenets , 2001, MobiHoc '01.

[22]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[23]  Yuguang Fang,et al.  SPREAD: enhancing data confidentiality in mobile ad hoc networks , 2004, IEEE INFOCOM 2004.

[24]  J. Baek,et al.  Identity-based Threshold Signature from the Bilinear Pairings , 2004 .

[25]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[26]  Dawn Song,et al.  SIA: Secure information aggregation in sensor networks , 2007, J. Comput. Secur..

[27]  Yuguang Fang,et al.  LLK: a link-layer key establishment scheme for wireless sensor networks , 2005, IEEE Wireless Communications and Networking Conference, 2005.

[28]  Donggang Liu,et al.  Location-based pairwise key establishments for static sensor networks , 2003, SASN '03.

[29]  Donggang Liu,et al.  Establishing pairwise keys in distributed sensor networks , 2005, TSEC.

[30]  Yunghsiang Sam Han,et al.  A pairwise key predistribution scheme for wireless sensor networks , 2005, TSEC.

[31]  Gerardo Pelosi,et al.  Computing Tate Pairing on Smartcards , 2005 .

[32]  József Balogh,et al.  On k−coverage in a mostly sleeping sensor network , 2008, Wirel. Networks.

[33]  Dawn Xiaodong Song,et al.  SIA: secure information aggregation in sensor networks , 2003, SenSys '03.

[34]  Joonsang Baek,et al.  Identity-based threshold signature scheme from the bilinear pairings (extended abstract) , 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004..

[35]  Krste Asanovic,et al.  Energy Aware Lossless Data Compression , 2003, MobiSys.

[36]  Peter Kruus,et al.  CONSTRAINTS AND APPROACHES FOR DISTRIBUTED SENSOR NETWORK SECURITY , 2000 .

[37]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[38]  Elaine Shi,et al.  The Sybil attack in sensor networks: analysis & defenses , 2004, Third International Symposium on Information Processing in Sensor Networks, 2004. IPSN 2004.

[39]  Peter Kruus,et al.  TinyPK: securing sensor networks with public key technology , 2004, SASN '04.

[40]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[41]  Paulo S. L. M. Barreto,et al.  Efficient Hardware for the Tate Pairing Calculation in Characteristic Three , 2005, CHES.

[42]  Vipul Gupta,et al.  Energy analysis of public-key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications.

[43]  Srdjan Capkun,et al.  Secure positioning of wireless devices with application to sensor networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[44]  C. Karlof,et al.  Secure routing in wireless sensor networks: attacks and countermeasures , 2003, Proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications, 2003..

[45]  Berk Sunar,et al.  Public Key Cryptography in Sensor Networks - Revisited , 2004, ESAS.

[46]  Hans Eberle,et al.  Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs , 2004, CHES.

[47]  Yih-Chun Hu Packet Leashes : A Defense against Wormhole Attacks in Wireless Ad Hoc Networks , 2001 .

[48]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[49]  Yunghsiang Sam Han,et al.  A key management scheme for wireless sensor networks using deployment knowledge , 2004, IEEE INFOCOM 2004.

[50]  Donggang Liu,et al.  Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks , 2002, NDSS.

[51]  Donggang Liu,et al.  Attack-resistant location estimation in sensor networks , 2005, IPSN 2005. Fourth International Symposium on Information Processing in Sensor Networks, 2005..

[52]  Radha Poovendran,et al.  Preventing wormhole attacks on wireless ad hoc networks: a graph theoretic approach , 2005, IEEE Wireless Communications and Networking Conference, 2005.

[53]  Yih-Chun Hu,et al.  Packet leashes: a defense against wormhole attacks in wireless networks , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).