Toward resilient security in wireless sensor networks
Related papers
Location-based compromise-tolerant security mechanisms for wireless sensor networks
IEEE Journal on Selected Areas in Communications, 2006
Node compromise is a serious threat to wireless sensor networks deployed in unattended and hostile environments. To mitigate the impact of compromised nodes, we propose a suite of location-based compromise-tolerant security mechanisms. Based on a new cryptographic concept called pairing, we propose the notion of location-based keys (LBKs) by binding private keys of individual nodes to both their IDs and geographic locations. We then develop an LBK-based neighborhood authentication scheme to localize the impact of compromised nodes to their vicinity. We also present efficient approaches to establish a shared key between any two network nodes. In contrast to previous key establishment solutions, our approaches feature nearly perfect resilience to node compromise, low communication and computation overhead, low memory requirements, and high network scalability. Moreover, we demonstrate the efficacy of LBKs in counteracting several notorious attacks against sensor networks such as the Sybil attack, the identity replication attack, and wormhole and sinkhole attacks. Finally, we propose a location-based threshold-endorsement scheme, called LTE, to thwart the infamous bogus data injection attack, in which adversaries inject lots of bogus data into the network. The utility of LTE in achieving remarkable energy savings is validated by detailed performance evaluation.
Securing sensor networks with location-based keys
IEEE Wireless Communications and Networking Conference, 2005
Wireless sensor networks are often deployed in unattended and hostile environments, leaving individual sensors vulnerable to security compromise. This paper proposes the novel notion of location-based keys for designing compromise-tolerant security mechanisms for sensor networks. Based on location-based keys, we develop a node-to-node authentication scheme, which is not only able to localize the impact of compromised nodes within their vicinity, but also to facilitate the establishment of pairwise keys between neighboring nodes. Compared with previous proposals, our scheme has perfect resilience against node compromise, low storage overhead, and good network scalability. We also demonstrate the use of location-based keys in combating a few notorious attacks against sensor network routing protocols.
Improvement of Dependability against Node Capture Attacks for Wireless Sensor Networks
IEICE Transactions on Information and Systems, 2011
A Wireless Sensor Network has sensor nodes which have limited computational power and memory size. Due to the nature of the network, the data is vulnerable to attacks. Thus, maintaining confidentiality is an important issue. To compensate for this problem, there are many countermeasures which utilize common or public key cryptosystems that have been proposed. However, these methods have problems with establishing keys between the source and the destination nodes. When these two nodes try to establish new keys, they must exchange information several times. Also, the routes of the Wireless Sensor Networks can change frequently due to an unstable wireless connection and batteries running out on sensor nodes. These problems of security and failure become more serious as the number of nodes in the network increases. In this paper, we propose a new data distribution method to compensate for vulnerability and failure based on the Secret Sharing Scheme. In addition, we will confirm the effect of our method through experiments. Concerning security, we compare our method with the existing TinySec, which is the major security architecture of Wireless Sensor Networks. Key words: wireless sensor networks, security, node capture attack, secret sharing scheme, key refreshment. Yoshiaki Kakuda received his B.E., M.Sc.,
A New Protocol for Securing Wireless Sensor Networks against Nodes Replication Attacks
2007
The low-cost, unattended nature and the self-organizing capability of sensors make the use of wireless sensor networks (WSN) very popular today. Unfortunately, the unshielded nature of sensors, their deployment in remote open (hostile) areas, and the use of a wireless transmission medium make them subject to several kinds of threats and attacks, like eavesdropping, intrusion, denial of service (DoS) attacks and node compromise. While most threats and attacks can be prevented using cryptographic materials (i.e. shared pairwise secret keys, certificates, etc.) provided by key management protocols, some other threats, like node replication attacks, can still go undetected. Node replication attacks are harmful attacks, where an attacker compromising a node uses its secret cryptographic key materials to successfully populate the network with several clones of it, in order to gain control over the network or disturb the normal operation of the network. Several node replication detection protocols were proposed in the literature, but unfortunately, they require either high computation, transmission and energy overheads, or that nodes know their exact location coordinates, which limits their usability in most WSN scenarios. In this paper, we present a new protocol for securing against and preventing node replication attacks in static WSN, which requires no knowledge of node deployment locations, and introduces no significant overhead on the resource-constrained sensors.
A location-ID sensitive key establishment scheme in static wireless sensor networks
Proceedings of the International Conference on Mobile Technology, Applications, and Systems - Mobility '08, 2008
Sensor networks usually consist of thousands of resource-limited nodes and are deployed in a designated area without any fixed infrastructure. While the establishment of the pairwise keys between any pair of adjacent nodes to build a secure link remains the main concern in the design of key management protocols, malicious attacks that aim at routing information, exhaust a node's resources, and compromise secrets can misdirect the data flow or deny the network service with relatively small effort. Many mission-critical sensor network applications demand an effective, light, and flexible algorithm that is nevertheless robust under attacks. Based on the LEAP+ scheme, we propose an improved LEAP+ by adding location information into the key establishment phase. By identifying the correctness of the id-location pair, our scheme effectively limits the Sybil attack and mitigates the damage of the HELLO flood attack and the node cloning attack. We furthermore propose an authentication phase in our scheme to defend against possible replay attacks. The analysis shows that our scheme is more robust than LEAP+ with only a minor increase of computation overhead.
An Efficient Security Mechanism for Wireless Sensor Networks
Proceedings of the International Conference on Advances in Information and Communication Technologies (ICICOT), Manipal, India, December 28-30, 2007, pp. 86-97, 2007
Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due to their wide range of applications. Unfortunately, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. This problem is more critical if the network is deployed for some mission-critical applications such as in a tactical battlefield. Random failure of nodes and intentional compromise of nodes by an insider attack in a WSN pose particularly difficult challenges to security engineers as these attacks cannot be defended by traditional cryptography-based mechanisms. In this paper, a security solution is proposed for detecting compromised and faulty nodes in a WSN. The mechanism also isolates a compromised node from the network so that it cannot participate in any network activity. The proposed mechanism is based on misbehavior classification, behaviour monitoring and trust management. It involves minimum computation and communication overhead and is ideally suited for a resource-constrained, high-integrity WSN.
A New Resilient Key Management Protocol for Wireless Sensor Networks
Wireless Sensor Networks (WSN) security is an important issue which has been investigated by researchers for a few years. The most fundamental security problem in WSN is key management, which covers the establishment, distribution, renewing and revocation of cryptographic keys. Several key management protocols were proposed in the literature. Unfortunately, most of them are not resilient to node capture. This means that an attacker compromising a node can reuse the node's key materials to populate any part of the network with cloned nodes and new injected nodes. In this article, we present a simple polynomial-based key management protocol using a group-based deployment model without any necessary predictable deployment location of nodes. That solution achieves high resilience to node compromise compared with other protocols.
Defending Against Nodes Replication Attacks on Wireless Sensor Networks
Wireless Sensor Networks (WSN) are subject to several kinds of threats and attacks, like eavesdropping, intrusion, battery exhaustion, packet replay and node compromise. While most threats can be dealt with through cryptographic materials provided by key management protocols, some other threats, like node replication attacks, can still go undetected. Node replication attacks are among the most redoubtable attacks, where an attacker compromising a node uses its secret cryptographic key materials to successfully populate the network with clones of it. Few node replication defense protocols were proposed in the literature, but unfortunately, they require either high computation, transmission and energy overheads, or that nodes know their exact location coordinates, which limits their usability in most WSN scenarios. In this paper, we present a replication detection protocol for static WSN, which requires no knowledge of node deployment locations, and introduces no significant overhead on the resource-constrained sensors.
SecLEACH - A Random Key Distribution Solution for Securing Clustered Sensor Networks
Fifth IEEE International Symposium on Network Computing and Applications (NCA'06), 2006
Wireless sensor networks are ad hoc networks comprised mainly of small sensor nodes with limited resources, and can be used to monitor areas of interest. Recent work has shown that clustered sensor networks can increase system throughput, decrease system delay, and save energy. In this paper, we show that random key predistribution, first proposed and studied in the context of flat wireless sensor networks, is a very attractive key distribution solution for clustered sensor networks with rotating cluster heads, such as LEACH.
Journal of Advances in Information Technology, 2010
Wireless sensor networks pose new security and privacy challenges. One of the important challenges is how to bootstrap secure communications among nodes. Several key management schemes have been proposed. However, they either cannot offer strong resilience against node capture attacks, or require too much memory for achieving the desired connectivity. In this paper, we propose a LOcation dependent Connectivity guarantee Key management scheme for heterogeneous wireless sensor networks (LOCK) without using deployment knowledge. In our scheme, a target field is divided into hexagon clusters using a new clustering scheme crafted out of the nodes' heterogeneity. Even without using deployment knowledge, we drastically reduce the number of keys to be stored at each node. Pair-wise, group-wise and cluster keys can be generated efficiently among nodes. LOCK provides dynamicity in two ways: one by not completely depending upon pre-deployed information and the other by not completely depending upon location. Compared with existing schemes, our scheme achieves a higher connectivity with a much lower memory requirement. It also outperforms other schemes in terms of resilience against node capture and node replication attacks. The scheme is proved to support the largest possible network using the smallest storage overhead as compared to existing key management schemes.