Conference Paper

Locating Compromised Sensor Nodes Through Incremental Hashing Authentication.

DOI: 10.1007/11776178_20 Conference: Distributed Computing in Sensor Systems, Second IEEE International Conference, DCOSS 2006, San Francisco, CA, USA, June 18-20, 2006, Proceedings
Source: DBLP

ABSTRACT While sensor networks have recently emerged as a promising com- puting model, they are vulnerable to various node compromising attacks. In this paper, we propose COOL, a COmpromised nOde Locating protocol for detect- ing and locating compromised nodes once they misbehave in the sensor network. We exploit a proven collision-resilient incremental hashing algorithm and design secure steps to confidently locate compromised nodes. The scheme can also be combined with existing en-route false report filtering schemes to achieve both early false report dropping and accurate compromised nodes isolation.

0 Bookmarks
 · 
69 Views
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Given the extremely limited hardware resources on sensor nodes and the inclement deploying environment, the adversary Denial-of-Service (DoS) attack becomes a serious security threat toward wireless sensor networks. Without adequate defense mechanism, the adversary can simply inundate the network by flooding the bogus data packets, and paralyze the partial or whole sensor network by depleting node battery power. Prior work on false packet filtering in sensor networks are mostly based on symmetric key schemes, with the concern that the public key operations are too expensive for the resource constrained sensors. Recent progress in public key implementations on sensors, however, has shown that public key is already feasible for sensors. In this paper, we present PDF, a Public-key based false Data Filtering scheme that leverages Shamir's thresh- old cryptography and Elliptic Curve Cryptography (ECC), and effectively rejects 100% of false data packets. We evaluate PDF by real world implementation on MICAz motes. Our experiment results support the conclusion that PDF is practical for real world sensor deployment.
    Wireless Networks 01/2010; 16:999-1009. · 0.74 Impact Factor
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: While sensor networks have recently emerged as a promising com- puting model, they are vulnerable to various node compromising attacks. In this paper, we propose COOL, a COmpromised nOde Locating protocol for detect- ing and locating compromised nodes once they misbehave in the sensor network. We exploit a proven collision-resilient incremental hashing algorithm and design secure steps to confidently locate compromised nodes. The scheme can also be combined with existing en-route false report filtering schemes to achieve both early false report dropping and accurate compromised nodes isolation.
    Distributed Computing in Sensor Systems, Second IEEE International Conference, DCOSS 2006, San Francisco, CA, USA, June 18-20, 2006, Proceedings; 01/2006
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Due to the unattended nature of wireless sensor networks, an adversary can physically capture and compromise sensor nodes and then mount a variety of attacks with the compromised nodes. To minimize the damage incurred by the compromised nodes, the system should detect and revoke them as soon as possible. To meet this need, researchers have recently proposed a variety of node compromise detection schemes in wireless ad hoc and sensor networks. For example, reputation-based trust management schemes identify malicious nodes but do not revoke them due to the risk of false positives. Similarly, software-attestation schemes detect the subverted software modules of compromised nodes. However, they require each sensor node to be attested periodically, thus incurring substantial overhead. To mitigate the limitations of the existing schemes, we propose a zone-based node compromise detection and revocation scheme in wireless sensor networks. The main idea behind our scheme is to use sequential hypothesis testing to detect suspect regions in which compromised nodes are likely placed. In these suspect regions, the network operator performs software attestation against sensor nodes, leading to the detection and revocation of the compromised nodes. Through quantitative analysis and simulation experiments, we show that the proposed scheme detects the compromised nodes with a small number of samples while reducing false positive and negative rates, even if a substantial fraction of the nodes in the zone are compromised. Additionally, we model the detection problem using a game theoretic analysis, derive the optimal strategies for the attacker and the defender, and show that the attacker's gain from node compromise is greatly limited by the defender when both the attacker and the defender follow their optimal strategies.
    28th IEEE Symposium on Reliable Distributed Systems (SRDS 2009), Niagara Falls, New York, USA, September 27-30, 2009; 01/2009

Full-text

View
0 Downloads