ABSTRACT
Recent studies have demonstrated that it is possible to perform public key cryptographic operations on resource-constrained sensor platforms. However, the significant resource consumption imposed by public key cryptographic operations makes such mechanisms easy targets of Denial-of-Service (DoS) attacks. For example, if digital signatures such as ECDSA are used directly for broadcast authentication without further protection, an attacker can simply broadcast forged packets and force the receiving nodes to perform a large number of unnecessary signature verifications, eventually exhausting their battery power. This paper studies how to deal with such DoS attacks when signatures are used for broadcast authentication in sensor networks. In particular, this paper presents two filtering techniques, a group-based filter and a key chain-based filter, to handle DoS attacks against signature verification. Both methods can significantly reduce the number of unnecessary signature verifications that a sensor node has to perform. The analytical results also show that these two techniques are efficient and effective for resource-constrained sensor networks.
Pre-authentication filters: providing dos resistance for signature-based broadcast authentication in sensor networks