Conference Paper

Locating Compromised Sensor Nodes Through Incremental Hashing Authentication.

Department of Computer Science, University of Pittsburgh, Pittsburgh, Pennsylvania, United States
DOI: 10.1007/11776178_20 Conference: Distributed Computing in Sensor Systems, Second IEEE International Conference, DCOSS 2006, San Francisco, CA, USA, June 18-20, 2006, Proceedings
Source: DBLP


While sensor networks have recently emerged as a promising com- puting model, they are vulnerable to various node compromising attacks. In this paper, we propose COOL, a COmpromised nOde Locating protocol for detect- ing and locating compromised nodes once they misbehave in the sensor network. We exploit a proven collision-resilient incremental hashing algorithm and design secure steps to confidently locate compromised nodes. The scheme can also be combined with existing en-route false report filtering schemes to achieve both early false report dropping and accurate compromised nodes isolation.

Download full-text


Available from: Jun Yang, Dec 16, 2014
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Due to the unattended nature of wireless sensor networks, an adversary can physically capture and compromise sensor nodes and then mount a variety of attacks with the compromised nodes. To minimize the damage incurred by the compromised nodes, the system should detect and revoke them as soon as possible. To meet this need, researchers have recently proposed a variety of node compromise detection schemes in wireless ad hoc and sensor networks. For example, reputation-based trust management schemes identify malicious nodes but do not revoke them due to the risk of false positives. Similarly, software-attestation schemes detect the subverted software modules of compromised nodes. However, they require each sensor node to be attested periodically, thus incurring substantial overhead. To mitigate the limitations of the existing schemes, we propose a zone-based node compromise detection and revocation scheme in wireless sensor networks. The main idea behind our scheme is to use sequential hypothesis testing to detect suspect regions in which compromised nodes are likely placed. In these suspect regions, the network operator performs software attestation against sensor nodes, leading to the detection and revocation of the compromised nodes. Through quantitative analysis and simulation experiments, we show that the proposed scheme detects the compromised nodes with a small number of samples while reducing false positive and negative rates, even if a substantial fraction of the nodes in the zone are compromised. Additionally, we model the detection problem using a game theoretic analysis, derive the optimal strategies for the attacker and the defender, and show that the attacker's gain from node compromise is greatly limited by the defender when both the attacker and the defender follow their optimal strategies.
    Full-text · Conference Paper · Sep 2009
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Given the extremely limited hardware resources on sensor nodes and the inclement deploying environment, the adversary Denial-of-Service (DoS) attack becomes a serious security threat toward wireless sensor networks. Without adequate defense mechanism, the adversary can simply inundate the network by flooding the bogus data packets, and paralyze the partial or whole sensor network by depleting node battery power. Prior work on false packet filtering in sensor networks are mostly based on symmetric key schemes, with the concern that the public key operations are too expensive for the resource constrained sensors. Recent progress in public key implementations on sensors, however, has shown that public key is already feasible for sensors. In this paper, we present PDF, a Public-key based false Data Filtering scheme that leverages Shamir's thresh- old cryptography and Elliptic Curve Cryptography (ECC), and effectively rejects 100% of false data packets. We evaluate PDF by real world implementation on MICAz motes. Our experiment results support the conclusion that PDF is practical for real world sensor deployment.
    Preview · Article · May 2010 · Wireless Networks
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: A compromised node in wireless sensor networks can be used to create false messages by generating them on their own or by falsifying legitimate messages received from other nodes. Because compromised nodes that create false messages can waste a considerable amount of network resources, we should detect them as early as possible. Existing studies for detecting such nodes can only be used in situations where sensor nodes do not move. However, it is possible that nodes move because of wind or other factors in real situations. We improve existing studies for detecting compromised nodes in mobile wireless sensor networks. In the proposed method, an agent exists on each node and it appends its ID and a k-bit code to an event message and the sink detects a compromised node by a statistical method. Our method can be used in static and dynamic environments. Simulations we conducted prove the effectiveness of our method.
    Preview · Article · Jul 2015 · Journal of Information Processing

We use cookies to give you the best possible experience on ResearchGate. Read our cookies policy to learn more.