Mobile sinks are needed in many sensor network applications for efficient data collection, data querying, localized sensor reprogramming, identifying, and revoking compromised sensors, and other network maintenance. Employing mobile sinks however raises a new security challenge: if a mobile sink is given too many privileges, it will become very attractive for attack and compromise. Using a compromised mobile sink, an adversary may easily bring down or even take over the sensor network. Thus, security mechanisms that can tolerate mobile sink compromises are essential. In this article, based on the principle of least privilege, we first propose an efficient scheme to restrict the privilege of a mobile sink without impeding its ability to carry out any authorized operations for an assigned task. In addition, we present an extension to allow conditional trajectory change due to unexpected events. To further reduce the possible damage caused by a compromised mobile sink, we propose efficient message forwarding schemes for deleting the privilege assigned to a compromised mobile sink immediately after its compromise has been detected. Through detailed

The demand for efficient data dissemination/access techniques to find the relevant data from within a sensor network has led to the development of data-centric sensor networks (DCS), where the sensor data as contrast to sensor nodes are named based on attributes such as event type or geographic location. However, saving data inside a network also creates security problems due to the lack of tamper-resistance of the sensor nodes and the unattended nature of the sensor network. For example, an attacker may simply locate and compromise the node storing the event of his interest. To address these security problems, we present pDCS, a privacyenhanced DCS network which offers different levels of data privacy based on different cryptographic keys. pDCS also includes an efficient key management scheme to facilitate the management of multiple keys in the system. In addition, we propose several query optimization techniques based on Euclidean Steiner Tree and Keyed Bloom Filter to minimize the query overhead while providing certain query privacy. Finally, detailed analysis and simulations show that the Keyed Bloom Filter scheme can significantly reduce the message overhead with the same level of query delay and maintain a very high level of query privacy. 1

We propose SecNav, a new protocol for securing wireless navigation systems. This protocol secures localization and time-synchronization in wireless networks by relying on devices ’ awareness of presence in the power-range (coverage area) of navigation stations. We perform a detailed security analysis of SecNav and show that, compared to existing secure navigation approaches, it prevents the widest range of attacks on navigation. Our implementation of SecNav, using 802.11b devices, shows that this scheme can be efficiently implemented with existing technologies. 1

We present two broadcast authentication protocols based on delayed key disclosure. Our protocols rely on symmetric-key cryptographic primitives and use cryptographic puzzles to provide efficient broadcast authentication in different application scenarios, including those with resource-constrained wireless devices such as sensor nodes. The strong points of the protocols proposed are that one allows instantaneous message origin authentication, whereas the other has low communication overhead. In addition to formalizing and analyzing these specific protocols, we carry out a general analysis of broadcast authentication protocols based on delayed key disclosure. This analysis uncovers fundamental limitations of this class of protocols in terms of the required accuracy of message propagation time estimations and of time synchronization, if the protocols are to guarantee security and run efficiently.

Recent studies show that network coding can provide significant benefits to network protocols, such as increased throughput, reduced network congestion, higher reliability, and lower power consumption. The core principle of network coding is that intermediate nodes actively mix input packets to produce output packets. This mixing subjects network coding systems to a severe security threat, known as a pollution attack, where attacker nodes inject corrupted packets into the network. Corrupted packets propagate in an epidemic manner, depleting network resources and significantly decreasing throughput. Pollution attacks are particularly dangerous in wireless networks, where attackers can easily inject packets or compromise devices due to the increased network vulnerability. In this paper, we address pollution attacks against network coding systems in wireless mesh networks. We demonstrate that previous

Abstract — Sensor networks have become popular in the recent years due to their wide range of application. A fundamental building block in distributed wireless sensor networks is Time Synchronization. Because sensor nodes may be severely resourceconstrained, traditional time-synchronization protocols cannot be used in sensor networks. Various energy efficient timesynchronization protocols tailored for such networks have been proposed in the recent years. However, none of these protocols have been designed with security in mind. If an adversary were able to compromise a node, he might prevent a network from effectively executing certain applications, such as sensing or tracking an object, or he might even disable the network by disrupting a fundamental service such as a TDMA-based channelsharing scheme. In this paper we give a detailed explanation of the Flooding Time Synchronization protocol and outline the possible attacks on this protocol. To motivate our work, we briefly discuss how different sensor network applications that are affected by time synchronization attacks. Finally, we propose some statistical countermeasures, as opposed to cryptographic countermeasures, to mitigate the effect of time synchronization attacks. I.

Abstract — This paper considers the problem of selecting a set of relay nodes to assist a transmitting node in a two-hop wireless network. Throughput-maximizing relay subset selection is a difficult problem that depends on variables such as node locations and power constraints. It is proposed that all relays employ partial decode-and-forward operations to improve the tractability of the relay selection problem. This allows relay selection to be transformed into a simpler relay placement problem which motivates two proximity-based relay selection algorithms. These algorithms are compared with a greedy algorithm based on relay channel gains to the destination and an algorithm that randomly selects relays. The diversity gain achieved by employing multiple relay nodes is derived. The proposed proximity-based algorithms offer good performance in terms of the expected achieved rate. I.

Abstract not found

Time synchronization is critical in sensor networks at many layers of their design. It enables better duty-cycling of the radio, accurate and secure localization, beamforming, and other collaborative signal processing tasks. These benefits make time-synchronization protocols a prime target of malicious adversaries who want to disrupt the normal operation of a sensor network. In this article, we analyze attacks on existing time synchronization protocols for wireless sensor networks and we propose a secure time synchronization toolbox to counter these attacks. This toolbox includes protocols for secure pairwise and group synchronization of nodes that either lie in the neighborhood of each other or are separated by multiple hops. We provide an in-depth analysis of the security and the energy overhead of the proposed protocols. The efficiency of these protocols has been tested through an experimental study on Mica2 motes.

Abstract not found