Content uploaded by Frederik Armknecht
Author content
All content in this area was uploaded by Frederik Armknecht on Nov 10, 2014
Content may be subject to copyright.
Re-visited: Denial of Service Resilient Access
Control for Wireless Sensor Networks
Frederik Armknecht1, Joao Girao1, Marc Stoecklin2, and Dirk Westhoff1?
1NEC Europe Ltd.
{frederik.armknecht,joao.girao,dirk.westhoff}@netlab.nec.de
2Swiss Federal Institute of Technology - Lausanne
marc.stoecklin@epfl.ch
Abstract. The appliance of wireless sensor networks to a broad variety
of applications doubtlessly requires end-user acceptance. End-users from
various computer network unrelated disciplines like for example from the
agriculture sector, geography, health care, or biology will only use wire-
less sensor networks to support their daily work if the overall benefit
beats the overhead when getting in touch with this new paradigm. This
does first and foremost mean that, once the WSN is deployed, it is easy
to collect data also for a technical unexperienced audience. However, the
trust in the system’s confidentiality and its reliability should not be un-
derestimated. Since for end-users from various disciplines the monitored
data are of highest value they will only apply WSN technology to their
professional activities if a proper and safe access control mechanism to
the WSN is ensured. For FIPS 140-02 level 2 or level 3 conform sensor
devices we provide an access control protocol for end-users of civilian
WSN applications that i) ensures access to the monitored data only for
authorised parties, ii) supports user-friendly data queries and iii) is DoS
resilient to save the sensor nodes’ battery capacity.
1 Introduction
Recently considerable contributions have been made in the area of wireless sensor
networks (WSN) to effectively request and receive environmental data from a
WSN. We observe two principle directions to apply a WSN: The first type of
WSNs, which we term synchronous WSNs are WSNs where the monitored data
is fluctual and is most likely to be used for some real-time control monitoring.
Data are transmitted in a push or in a pull mode. In contrast, we define an
asynchronous WSN as one that provides information to an authorised reader
only seldomly. Here the data provision to the end-user is exclusively in pull mode.
?The work presented in this paper was supported by the European Commission within
the STReP UbiSec&Sens of the EU Framework Program 6 for Research and Devel-
opment (IST-2004-2.4.3). The views and conclusions contained herein are those of
the authors and should not be interpreted as necessarily representing the official
policies or endorsements, either expressed or implied, of the UbiSec&Sens project
(http://www.ist-ubisecsens.org) or the European Commission.
The network continiously monitors and stores environmental data as a function
over the time and/or over the monitored region. Consequently, after a period of
monitoring and storing, the WSN contains a very fine granular environmental
fingerprint. Such information can be requested via some external reader device
by the end-user, e.g. a winemaker, a geologist, or other professionals.
For synchronous WSNs Madden et al. in [10] and Hellerstein et al. in [7]
provide an SQL-based query model for tiny in-network aggregation in WSNs
addressing specific monitoring durations of the network. Queries address mon-
itoring periods in the present and in the future. However, although in [7] the
concept of storage points allows to buffer a streaming view of recent data, the
fully-fledged architecture to store monitored data of an event of the past within
the WSN is not addressed in their work.
With respect to asynchronous WSNs the problem of how to use the limited
persistent storage capacity of an asynchronous WSN to store sampled data effec-
tively has been discussed by Tilak, Abu-Ghazaleh and Heinzelmann in [13]. The
authors provide a cluster-based collaborative storage approach and compare it
to a local buffering technique. Collaborative storage is a promising approach for
storage management because it enables the use of spatial data aggregation and
redundancy control among neighboring sensors to compress the stored data and
to optimize the storage use.
Although it is unrealistic to expect that all the aforementioned approaches
survive the competition to market, such a diversity of storage architectures and
information gathering concepts for WSNs on the one side, and the ultimative
need for a simple, user-friendly and consistent query interface on the other side,
manifests that a flexible data access framework will be a coactive part of future
service-oriented WSNs. Moreover, since for end-users from various disciplines
the collected data are of highest value they will only apply WSN technology to
their professional activities if a proper and safe data management is ensured.
This includes the encrypted storage and transport of data which have been
monitored over the time but also mechanisms to access the collected data in an
authenticated way. For the first we proposed solutions in [15] for synchronous
WSNs and in [6] for asynchronous WSNs. It is the contribution of this work
to provide a secure and efficient access control mechanism to allow only an au-
thenticated reader to request data from the WSN. We assume a distributed and
encrypted storage- and transmission architecture for reliable long-term storage
of data in the WSN as well as a translation framework to map user-friendly
database queries into controlled flooding messages. For the latter we introduce a
generic query translation model which we subsequently apply to show that the
proposed access control protocol for WSNs is applicable to any WSN database
architecture. An early version of this work has been presented at [16].
When considering access control, one must define the assets one is protecting
and the environment. In this particular model, we protect access to the network
and, in doing so, we provide an authorization mechanism which only allows a
valid reader to perform one query per interaction with a supervising entity, the
sink. In parallel we provide a mechanism which fits the query model described
in Section 3 and provide the link between the user world and the WSN world
and bind it to the access control information which can be validated at both
sink and sensors.
2 Network Model and Device Characteristics
The WSN considered in this work is static and densely distributed. It is presented
by a graph G= (N,L) with |N | nodes and |L| links. Each node represents a
wireless sensor node, e.g., a MicaZ mote, and each link represents a bidirectional
communication channel over a shared medium, e.g., the RF channel specified by
IEEE 802.15.4 WPAN. There is one single stated node S, the sink node. The
sensor nodes that compose a WSN are typically small in size, wireless, and have
very limited communication, computation, storage and power capabilities. For
example, the Berkeley Sensor Motes use an 8-bit 4MHz microcontroller with
4KB of memory and a radio tranceiver with a maximum 10 kbps data rate.
One consequence of limited computing and storage capacities is that modular
arithmetic with large numbers is difficult and, therefore, asymmetric cryptogra-
phy should only be used very carefully. In particular, standard Diffie-Hellman
key exchange protocols and even low exponent RSA techniques are prohibitively
expensive for sensors. Based on the above, extremely low-cost mechanisms are
needed. Furthermore, it has been pointed out that, in WSNs, sending a bit is
roughly 102times more expensive than executing a processor instruction [8].
The NIST standard FIPS 140-02 [4] defines four levels of physical security for
cryptographic devices. In this work we assume the sensor nodes being level 2 or
level 3 devices, namely devices that implement tamper evidence mechanisms or
devices that in addition to tamper evidence mechanisms also implement tamper
response mechanisms like top-metal sensor meshes or light-sensors. An adversary,
who destroys a sensor line or shortens it to ground or power, causes the device
to self-destruct. Partly protected devices prevent clever outsiders to read out
sensitive information from the sensor nodes. However, knowledgable insiders or
funded organisations which spend several 100,000 EURs for an attack can clearly
read out the data. We expect FIPS 140-02 level 2 and even level 3 enabled devices
to be reasonable in future in terms of costs also for the usage for some types of
WSN.
3 Query Translation Model
The goal of this paper is to present a denial of service resilient access control
for WSN applications that support ”user-friendly” data queries. However, we
will see that the ”user-friendliness” imposes conditions on the communication
between reader and sensor nodes that have to be considered in an access control
protocol.
For a “user-friendly” distributed database, it is mandatory that any query
q∈ Q from the end-user’s query space can be mapped to a “network-friendly”
controlled flooding message $∈ M, i.e., the existence of a function f:Q → M.
However, in practice fshould provide a semantical appropriate interpretation
of q. This means that $should reflect the user’s query as good as possible on
the WSN’s side. We will call such a function adequate.3But here the following
problem arises. On the one hand, $relies on the topology of the WSN. Therefore
we cannot expect that an “end-user friendly” query from the user space can
adequately be translated into a query from the WSN query message flooding
space unless additional information are available. On the other hand, the user
should be bothered only to a minimum with the technical details of the WSN.
The queries should contain as much information as possible but not more than
necessary.
Let the domain Trepresents the topology information of the WSN. Obvi-
ously, it is only available after the roll-out of the network. Some information
on Tare certainly necessary to formulate a ”network-friendly” flooding mes-
sage. On the other hand, ma jor parts of Tshould be hidden from the end-user
as otherwise “user-friendliness” would not be fulfilled. We therefore divide T
in (TU,TN) whereas TUrepresents only those information about the WSN’s
which are relevant for the end-user to generate context-sensitive user queries.
Contrary, TNcontains topology information which are mandatory to formulate
W SN architecture specific flooding messages and which should be hidden from
the end-user.
Consequently, to get an adequate function, we consider functions f∗:Q ×
T → M instead of f:Q → M. Given such a mapping f∗, we can doubtlessly
infer that such a translation exists and we can build a framework that can trans-
late (q, tU) with tUfrom TUinto an $for a specific WSN architecture. Examples
for WSN architectures are tinyDB, TAG or tinyPEDS.
Remarks
–With respect to the entropy of a message in principle it holds |q|=|$|.
Although due to the involvement of Tin f∗one could expect |$|>|q|.
We argue that the gain of information comes with the implicit knowledge
about the network’s topology and it does not need to be transmitted in the
message itself.
–the domain Mrelates to the WSN’s architecture. Known WSN architectures
are e.g. tinyDB,TAG,tinyPEDS, etc. Any $∈ M considers the architec-
tural semantic and thus we point out that for different WSN architectures
the domain Mis a separate one.
–the domain Trelates to the WSN topology. In principle t= (tU, tN)∈ T is
dynamic. For simplicity we assume tto be static. It describes the topology
of the WSN directly after the roll-out.
–The existence of an adequate mapping f∗can best be proven over the detour
of comparing rU∈ RUwith rN∈ RNwith fU:Q → RUand fN:M →
RN:rU
?
≈rN(approximation to the expected value). RUand RNrepresent
3An example for a non-adequate function fwould be one that maps any query qto
the same flooding message $. This is principally possible but wouldn’t make any
sense in practice.
the query response space from the user’s perspective respectively from the
network side.
–The topology TNcan automatically be generated by the WSN initially after
the roll-out of the WSN. However, the mapping to TUneeds to be done by
an administrator. Concretely the mapping is to assign a symbolic region to
each node or group of nodes.
–The time should also be mapped to a WSN friendly value. Human readable
expressions like days or hours have to be expressed in number of epochs
for the WSN query. The sink knows the duration of an epoch and when t0
occurred, hence the translation for time is a trivial task.
4 Query Translation to TinyPEDS
For a better understanding of the introduced query translation model, we ex-
emplarily illustrate the translation from (q, tU) to $∈ M and Mrepresenting
the tinyPEDS semantic. We elaborated a user-friendly SQL-like language very
similar to tinyDB [18]. Our tinyPEDS query syntax is as follows:
SELECT agg <expr> | <expr>, ...
[FROM sensors | <expr>]
[WHERE <pred>]
[TIME [BETWEEN <expr> AND <expr> | LAST <expr>]]
[GROUP BY <expr>]
[HAVING <pred>]
One can notice that the FROM term is optional. When not set, the default
value is ’FROM sensors’. This language aims to provide the most functionality
to the user, though it is limited compared to the full SQL language set. There
are for example no nested queries. Furthermore, our language should be easily
extendable to synchronous WSNs queries. By having a similar syntax to the most
used synchronous WSN database, which is tinyDB, we ensure larger acceptance
among end-users. The essential differences between tinyDB and tinyPEDS are
discussed in the Annex A.
As an example of user-friendly (SQL-like) query (q, tu)∈ Q × TU:
SELECT AVG(light), room FROM sensors
WHERE room = ’kitchen’ OR room = ’library’
TIME BETWEEN ’12:00’ AND ’13:00’
GROUP BY room
The format of a “WSN friendly” tinyPEDS flooding message is hregion,
duration,agg regation, T T L, QT i. Our model supports hierarchical topologies
and here region is any subregion of the WSN. In tinyPEDS, typically region
can be noted as region =hlevel1Blevel2... Blevelliwith leveli∈ P (ALL)
and ALL := {Q(i,1),...,Q(i,4) }for 1 ≤i≤l. As a consequence, the smallest
unit of an area to which a symbolical location can be mapped is one of the
lowest hierarchical subregion of the WSN. Duration is any subinterval over the
WSN’s current lifetime, aggregation describes the mode of in-network process-
ing, which can be the addition or comparisions operations. The parameter T T L
is the time-to-live and QT describes the query type which can be either “con-
tinuous (C)” or “disaster (D)”. The problem of mapping the SQL-like query
to the WSN query is further discussed in Section 5. A controlled flooding mes-
sage $=hregion, [tx, ty], ag gregation, ttlmax, C iis handled by receiving sensors
s∈ N as denoted in Algorithm 1. In tinyPEDS, data monitored is stored at the
aggregator node itself, and at one of its neighbouring aggregator. Notice that
the query model for distributed database entries of the WSN is different prior
and after a disaster strike. After a disaster, where a large number of nodes have
died in a limited area, the query is flooded to the complementary region of where
the data was originally monitored, as described in Algorithm 2. Thus a disaster
query would hopefully harvest the monitored data of the dead nodes in their
backup nodes, it is only issued when a continuous query has failed. With the
data harvested from the continuous and disaster query responses, one can re-
construct the data completely.
For the concrete setting of $=hQ(1,1) BQ(2,2) BQ(3,1) ∪Q(2,4) BQ(3,1) ,[tx, ty],+,
20, Ciand the WSN characteristics listed in table 1, $translates into the con-
trolled flooding pattern depicted in the figure 1 of our the GloMoSim simulation.
Q(x,y)denotes a subregion (quarter) of N, whereas x(1 ≤x≤l) stands for the
quarter’s hierarchy level and y(1 ≤y≤ω) identifies the ωquarters in a cycled
order of the corresponding hierarchy level l.
Algorithm 1 Continuous Database Query /* for any receiving sensor node
s∈ N */
if s∈ Q(x,y)AND Q(x,y)⊆pathT o(reg ion)then
if ttlcurrent >1then
ttlcurrent =ttlcur rent −1
s→ ∗ :hregion, [tx, ty], ag gregation, ttlcur rent, C i
if aggregation =true AND storage[t,t+1] ∩region 6=∅AND tx≤t≤tythen
s→R:hstorage[t,t+1] i
end if
end if
else
ttlcurrent = 0
end if
5 Problem Statement
We are now in the position to formulate the problem statement of this work:
Given a T= (TU,TN) for a Mthat ensures that an adequate f∗:Q×(TU,TN)→
Mexists, how to make the originator of any q∈ Q verifiable for the receiver of
$∈ M over the detour of f∗(and not f)?
Algorithm 2 Disaster query
if s∈ N \Qzthen
if ttlcurrent >1then
ttlcurrent =ttlcur rent −1
s→ ∗ :hregion, [tx, ty], ag gregation, ttlcur rent, Di
if aggregation =true AND storage[t,t+1] ∩region 6=∅AND tx≤t≤tythen
s→R:hstorage[t,t+1] i
end if
end if
else
ttlcurrent = 0
end if
WSN size, quadrant size 400x400, 50
num. nodes 240-407
node’s transmission range 50
hierarchy levels (l) 3
num. quarters per level (ω) 4
radio layer CSMA
propagation pathloss two-way
Table 1. GloMoSim simulation parameters.
TU··· library kitchen · · ·
TN· · · Q(2,2) BQ(3,1) Q(2,4) BQ(3,1) · · ·
Table 2. Concrete topology setting for T= (TU,TN).
Fig. 1. Controlled flooding of the continuous database query hQ(1,1) BQ(2,2) BQ(3,1) ∪
Q(2,4) BQ(3,1),[tx, ty],+,20, C iin a WSN with l= 3 and ω= 4.
The precondition of our problem statement addresses the fact that for a
semantical appropriate interpretation of qone has to provide additional infor-
mation tNto translate qin a corresponding $. However, to still ensure a user-
friendly query process we must hide tNfrom the end-user, namely tNmust be
incorporated into the query process after the user has formulated his query. This
implies that f∗can only be applied after qhas been formulated by the user. This
observation has different impact for the previously introduced different WSN
types:
a) asynchronous WSN: In this setting the functionalities of the reader and
the sink node are co-located. The end-user formulates a query (q, t U). However,
tNis available at the sink node respectively the reader and it is due to the query
translation framework to translate (q, tU) to $:
reader/sink sensor
(q, tU)
↓
f∗(q, tU, tN) = $→$
b) synchronous WSN: In this setting the reader device and the sink node
are two separate units. A multitude of reader devices can access the WSN from
anywhere in the core network via the sink node. In such a setting it is unrealistic
to assume that TNis known to each reader device. Instead TNshould solely be
located at the sink node. Therefore, we assume the following setting:
reader sink sensor
(q, tU)→f∗(q, tU, tN) = $→$
Our problem statement addresses the security problem that arises due to the
fact that tNis subsequently incorporated into a query (q, tU)after the end-user
entry. How to ensure query message originator verification between the end-user
and the verifying sensor nodes on (q, tU) although sensor nodes finally receive
$? Note that this is of highest relevance for synchronous WSNs in which the
reader device and the sink node are separate units.
6 Truncated Hash Chains
We introduce the notion of dedicated security primitives and define a hash-chain,
which is also known as Lamport’s hash-chain [9], as xi+1 =h(xi) with x0being
the anchor and hbeing an un-keyed one-way hash function which maps bit-
strings to tbits. One-wayness means that given x, the image y=h(x) can be
easily computed, but the other way around, that is given yfinding a pre-image,
is difficult. We denote xi=hi(x0) = h(...(h(x0))...). We define x[1,t−k]
i+1 to be a
(t−k)-truncated hash value from a t-bit secure hash function: x[1,t−k]
i+1 ←- h(xi).
W.l.o.g. [1, t −k] indicates that x[1,t−k]
i+1 consists out of the first t−kbits of h(xi).
7 Access Control for synchronous WSNs
We propose an access control protocol for (synchronous) WSNs which
1. supports the mapping from user-friendly queries to a WSN architecture ap-
propriate flooding message,
2. hides the WSN’s master secret from the set of reader devices,
3. supports newcomers to the set of reader devices, and
4. securely links the access protocol part from the WSN with the protocol part
from the infrastructure.
Topic 1) ensures that in particular a message flow as described in Section 5b)
is supported. Topic 2) ensures that readers cannot directly send queries to the
WSN, namely skip the sink node. In addition, the set of the reader devices may
be huge and the knowledge of each client about the master secret would be
unacceptable.
Transmitting: Processing:
1. R→S: (q, tU)||Hxn−i(q, tU)S:xn−i=hn−i(x0)
Hxn−i(q, tU)?
=Hxn−i(q, tU)
xn−i−1=hn−i−1(x0)
f∗(q, tU, tN) = $
z0=x0⊕ym−j
2. S→R:$, z0, Hxn−i−1(xn−i, $)R:xn−i−1=hn−i−1(x0)
Hxn−i−1(xn−i, $)?
=Hxn−i−1(xn−i, $)
ym−j=z0⊕x0
3. R→S:$, Hxn−i−1(xn−i, ym−j, $)
Hym−j($)
4. S→s:$, H [1,t−k]
ym−j($)s:ym−j=hm−j(y0)
H[1,t−k]
ym−j($)?
=H[1,t−k]
ym−j($)
Table 3. WSN access control protocol for the i-th query of the reader device.
Compared to the scarce radio link connecting the sink node and the sensor
nodes we assume the bandwidth requirements between the reader device and
the sink node to be rather relaxed. We further assume the sink node to be
tamper-resistant and to provide enough storage space to administrate a list of
all end-users (readers) who are allowed to access the WSN. For such a setting
one solution for a user-friendly and DoS resilient access control protocol to the
WSN may be based on
–a challenge-response based on a keyed one-way function,
–two hash chains, and
–a truncated (keyed) hash function.
The challenge response protocol runs between the reader device (R) and the
sink node (S) whereas we solely apply a truncated hash function on the scarce
radio link between Sand a sensor (s). This ensures a weak but still reason-
able secure query message authentication at the sensor nodes to prevent DoS
attacks from “any” unauthorised reader which simply circumvents the sink node
S. Without such a mechanism it would be possible to cheat and to directly
address a query request to the WSN. We apply two hash chains. Hash chain
number one which is generated based on a secret anchor x0is known by the sink
node and one particular reader device. The sink node stores for each particular
reader a different pair (x0, n) whereas each reader stores the secret (x0, n). The
value nrepresents the number of iterations of the applied hash function, namely
xnis the hash value xn=hn(x0). The hash value xnis public and reveals no
secret. Hash chain number two is generated based on the secret anchor y0. The
tuple (y0, m) is known by the sink node and each sensor node in the WSN. This
tuple is stored by the manufacturer within the sensor nodes preliminary to the
roll-out of the WSN. Again ym=hm(y0) is public not revealing any secret. Both
hash chains are applied in a simple yet efficient way to control access to an asyn-
chronous WSN. The basic idea is to apply intermediate hash values xi=hi(x0)
with 1 ≤i≤nand yj=hj(y0) with 1 ≤j≤mto keyed hash functions
Hxi($) respectively Hyj($), namely message authentication codes (MAC). The
(n−i)-th hash value which can be derived from x0is used by the particular
reader for its i-th query addressing the WSN. The (m−j)-th value which can
be derived from y0represents the j-th request of any reader device. However,
due to the extreme bandwidth limitation on the radio (IEEE 802.15.4 WPAN)
and due to the fact that the number of transmitted bits directly translates into
a reduced lifetime of the WSN we propose to use (t−k)-truncated keyed hash
values H[1,t−k]
ym−j($)←Hym−j($). The full protocol is described in table 3.
Remarks:
–the secret (x0, n) is known by the sink node and a specific reader device.
The secret (y0, m) in particularly is not known by the reader devices. It is
exlusively stored at the sensor nodes and at the sink node. To still enable a
reader device to compute Hym−j($) and to know ym−j, in Step 1 the sink
node performs the ⊕function (bitwise addition modulo 2) on x0and the
actual WSN secret ym−j. In Step 2) the reader device bitwise adds x0to
z0to compute the actual WSN key which is valid for the actual flooding
message $.
–if everything works well, it is not really necessary to provide Rthe knowledge
of ym−j. But as the experience shows, it is rather unrealistic to assume that
the sink Scan always communicate with each sensor s. For example, in huge
WSN, intermediate nodes are necessary to transport a message from Sto s.
If this connection is broken, Rcan use the knowledge of ym−jto get directly
in contact with s. As supdates the value of ym−jto ym−j−1for the next
flooding message, ym−jprovides only a kind of temporary permission to get
information from s, what limits the damage Rcould cause.
–any s∈ N where H[1,t−k]
ym−j($)?
=H[1,t−k]
ym−j($) is true, locally broadcasts the
message $, H [1,t−k]
ym−j($), otherwise it drops the query.
–the problem of message loss over the wireless can be handled at any s∈ N by
also validating if H[1,t−k]
ym−j($)?
=H[1,t−k]
ym−j−2($) in case the check H[1,t−k]
ym−j($)?
=
H[1,t−k]
ym−j−1($) failed. Iff the second check succeeds sforwards the query and
sets j=j−1.
–only t−kadditional bits over the scarce wireless are needed. An adversary
who eavesdrop the value H[1,t−k]
ym−j($) might misuse this knowledge to replace
$by his own flooding message. However, as the value ym−jis secret, the
problem is to find a value $06=$such that H[1,t−k]
ym−j($) = H[1,t−k]
ym−j($0) for
an unknown value ym−j. This is also know as a target collision. We expect
a hash function suitable for a hash chain to be target collision resistance.
Note that it is widely believed that for t= 80 finding a target collision is as
hard as factoring an RSA modulus of 1024-bits. On the Berkeley motes e.g.
RC5 based hash chains and MACs are quite competitive in terms of speed
(2.22-4.18ms), code size (1738 Bytes) and data size (136 Bytes).
8 Proposed Approch for Data Concealment in WSNs
Access control for WSNs is only valuable if data concealment over the wire-
less is provided. Approaches like TinySec with RC5 respectively Skipjack or
IEEE 802.15.4 WPAN’s AES-CTR provide link layer security in a hop-by-hop
manner. However, since query response traffic is characterised by in-network
processing and data aggregation of reverse multicast traffic each aggregating
node must decrypt all receiving data, aggregate the data and subsequently en-
crypt the aggregated value again. This is suboptimal due to i) a lack of se-
curity at the aggregating nodes and ii) due to the energy waste for multiple
decryption and encryption operations. Therefore in [15] we propose for the ag-
gregation functions sum,average,movement detection and variance to apply a
symmetric/asymmetric additively privacy homomorphism (P HS)to conceal re-
verse multicast traffic end-to-end. A P Hsis an encryption transformation which
has the property
a+b=Dk(Ek(a) + Ek(b)) (1)
where aand bbelong to the plaintext domain and Eand Dare encryption
respectively decryption transformations on the key k. Using such an P Hsin
WSNs means that an aggregator node can perform above aggregation functions
on incoming ciphertexts. With conventional encryption schemes it would need
to decrypt incoming ciphers before performing the aggregation function.
9 Related Work
The first work in progress report investigating the problem of authenticated
querying in sensor networks appeared in 2005 from Benenson [2]. Beneson intro-
duced the problem of node querying and analysed the design space for authenti-
cated queries in WSNs. Although Beneson describes techniques for authenticated
querying she does not provide a concrete solution to the problem of authenti-
cated queries. Recently a concrete solution to this problem followed in [3]. It it
based on the idea of using 1-bit MACs per sensor node. A sensor node receiving
a query can infer with probability 1/2 if the query stems from an authenticated
reader device.
Zhou and Ravishankar [19] have proposed the use of dynamical Merkle trees
and one-way hash chains in order that the sensors are able to authenticate mobile
sinks. The mobile sinks must get for each activity the necessary credential from
the base station, so that they can then locally query the sensors. The sensors can
then verify the authenticity of mobile sinks by just storing the prior knowledge
of the root of the Merkle tree. Contrary to the work at hand, these approaches
are focused on the WSN and not on the fixed network.
More generally, a set of authentication approaches for restricted devices have
been proposed. We restrict ourselves by refering to the resurrecting duckling ap-
proach from Stajano and Anderson [12], the Guy Fawkes protocol [1], the TESLA
approach from Perrig et al.[11], and the Zero Common-Knowledge (ZCK) pro-
tocol [14].
10 Conclusion
We introduced the problem of end-user friendly WSN queries and DoS resilient
access control to WSNs. We propose to use an access control protocol which is
based on a challenge-response protocol and truncated hash values over the scarce
wireless to overcome the introduced problems. The access control mechanism
provides two way mutual authentication between the reader device and the sink
node as well as a lightweight query authentication at the sensor nodes. The latter
is mandatory to prevent un-authorised users from flooding query messages to the
WSN by circumventing the sink node. The proposed data storage architecture on
the WSN side is tinyPEDS which ensures an encrypted distributed data storage.
Acknowledgment
We would like to thank Axel Poschmann and Andre Weimerskirch for their input
to Section 2. We would also like to thank Alban Hessler who gave input to the
camera ready version of this paper.
A Comparing tinyPEDS with tinyDB
We argued in Section 4 that the tinyPEDS front-end language is very similar to
the one of tinyDB, because we do not want the user to learn a new query syntax
for each WSN database. However, one has to keep in mind that the underlying
databases and mechanisms are fundamentally different. Due to space restrictions
tinyPEDS tinyDB
WSN type Asynchronous Synchronous
Storage policy In-network At sink
Some storage points possible
Dissemination model Controlled flooding Multicast (tree routing)
System security Encrypted storage None
End-to-end confidentiality
Table 4. Databases features.
we only sum up the main differences. They are listed in table 4:
The data model has the same shape for both WSN databases. We can see the
WSN as one table, i.e. sensors, which has a colum for each type of data, e.g.
temperature; and a row for:
–each node and interval of time in tinyDB
–each lowest subregion and epoch in tinyPEDS
One major difference is that tinyDB uses acquisitional queries, meaning that
records of the table are only materialized as needed to satisfy a query and sub-
sequently stored for a short period of time or delivered out of the network. Con-
sequently queries in tinyDB only concern present or future values. In opposite
to tinyPEDS, where queries harvest data of the past thanks to the in-network
persistent storage.
References
1. R. Anderson, F. Bergadano, B. Crispo, J.-H. Lee, C. Manifavas, R. Needham, “A
New Family of Authentication Protocols”, ACM Operating Ssystems Review, 1998.
2. Z. Benenson “Authenticated Queries in Sensor Networks”, Second European Work-
shop on Security and Privacy in Ad Hoc and Sensor Networks, ESAS’05, LNCS
3813, pp. 54-67, Visegrad, Hungary, 2005.
3. Z. Benenson, L. Pimenidis, F.C. Freiling, S. Lucks “Authenticated Query Flooding
in Sensor Networks”, 4th IEEE Conference on Pervasive Computing and Commu-
nications Workshops, pp. 644-647, Pisa, Italy, 2006.
4. FIPS PUB 140-2, “Security Requirements for Cryptographic Modules”, Federal
Information Processing Standards Publication, National Institute of Standards and
Technology.
5. W. Heinzelmann “Application-Specific Protocol Architectures for Wireless Net-
works”, PhD thesis, MIT, 2000.
6. J. Girao, D. Westhoff, E. Mykletun, T. Araki, “TinyPEDS: Persistent Encrypted
Data Storage in Asynchronous Wireless Sensor Networks” to appear as regular
paper in Elsevier Ad Hoc Journal.
7. J. M. Hellerstein, W. Hong, S.Madden, K. Stanek, “Beyond Average: Towards
Sophisticated Sensing with Queries”, In Workshop on IPSN’03, Palo Alto, CA,
USA, April 2003.
8. H. Karl, A. Willig, “Protocols and Architectures for Wireless Sensor Networks”,
Wiley, 2005.
9. L. Lamport, “Password authentication with insecure communication”, Commun.
ACM 24(11), pp. 770–772, ACM Press, New York, NY, USA, 1981.
10. S. Madden, M. J. Franklin, J. Hellerstein, W. Hong, “TAG: a Tiny AGgregation
Service for Ad-Hoc Sensor Networks“ In 5th Symposium on OSDI, 2002.
11. A. Perrig, R. Canetti, J.D. Tygar, D. Song, “The TESLA broadcast authentication
protocol”, RSA CryptoBytes, 5(Summer), 2002.
12. F. Stajano, R. Anderson, “The resurrecting duckling: Security issues for ad hoc
wireless networks”, 7th International Workshop, volume 1796 of Lecture Notes in
Computer Science, pp. 172-194. Springer-Verlag, Berlin Germany, 2000.
13. S. Tilak, N. B. Abu-Ghazaleh, W. Heinzelmann, “Collaborative Storage Manage-
ment in Sensor Networks”, Journal of Ad Hoc & Ubi. Comp.
14. A. Weimerskirch, D. Westhoff, “Zero-Common Knowldge Authentication for Per-
vasive Networks”, 10th Selected Areas in Cryptography, SAC’03, Springer-Verlag
LNCS 3006, pp. 73-87, Ottawa, Ontario, CA, August 2003.
15. D. Westhoff, J. Girao, M. Acharya, “Concealed Data Aggregation for Reverse
Multicast Traffic in Wireless Sensor Networks: Encryption, Key Pre-distribution
and Routing”, in IEEE Transactions on Mobile Comuting, Vol. 10, October 2006.
16. D. Westhoff, “End-user friendly and DoS Resilient Access Control for WSNs”,
13th International Conference on Telecommunication, ICT, Portugal, May 2006.
17. J. Girao, D. Westhoff, M. Schneider, “CDA: Concealed Data Aggregation for Re-
verse Multicast Traffic in Wireless Sensor Networks”, In IEEE International Con-
ference on Communications (ICC’05), Seoul, Korea, May 2005.
18. Samuel R. Madden, Michael J. Franklin, Joseph M. Hellerstein, Wei Hong,
“TinyDB: an acquisitional query processing system for sensor networks”, ACM
Trans. Database Syst., Vol. 30 No 1, 2005
19. Li Zhou, Chinya V. Ravishankar, “Dynamic Merkle Trees for Verifying Privileges in
Sensor Networks”, In IEEE International Conference on Communications (ICC’06),
Istanbul, Turkey, June 2006
