Results 1 - 10 of 51
Sensor network security: A survey
- IEEE Commun. Surveys Tutorials, 2009
- Cited by 65 (0 self)
Abstract—Wireless sensor networks (WSNs) use small nodes with constrained capabilities to sense, collect, and disseminate information in many types of applications. As sensor networks become widespread, security issues become a central concern, especially in mission-critical tasks. In this paper, we identify the threats and vulnerabilities to WSNs and summarize the defense methods based on the networking protocol layer analysis first. Then we give a holistic overview of security issues. These issues are divided into seven categories: cryptography, key management, attack detections and preventions, secure routing, secure location security, secure data fusion, and other security issues. Along the way we analyze the advantages and disadvantages of
On broadcast authentication in wireless sensor networks
- In International Conference on Wireless Algorithms, Systems, and Applications (WASA 2006), 2006
- Cited by 45 (5 self)
Abstract — Broadcast authentication is a critical security service in wireless sensor networks (WSNs), as it allows the mobile users of WSNs to broadcast messages to multiple sensor nodes in a secure way. Although symmetric-key-based solutions such as µTESLA and multilevel µTESLA have been proposed, they all suffer from severe energy-depletion attacks resulting from the nature of delayed message authentication. This paper presents several efficient public-key-based schemes to achieve immediate broadcast authentication and thus avoid the security flaw inherent in the µTESLA-like schemes. Our schemes are built upon the unique integration of several cryptographic techniques, including the Bloom filter, the partial message recovery signature scheme and the Merkle hash tree. We prove the effectiveness and efficiency of the proposed schemes by a comprehensive quantitative analysis of their energy consumption in both computation and communication.
Dependable and Secure Sensor Data Storage with Dynamic Integrity Assurance
- Proc. IEEE INFOCOM, Apr. 2009. 684 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL, 2011
- Cited by 40 (9 self)
Abstract—Recently, distributed data storage has gained increasing popularity for efficient and robust data management in wireless sensor networks (WSNs). But the distributed architecture also makes it challenging to build a highly secure and dependable yet lightweight data storage system. On the one hand, sensor data are subject to not only Byzantine failures, but also dynamic pollution attacks, as along the time the adversary may modify/pollute the stored data by compromising individual sensors. On the other hand, the resource-constrained nature of WSNs precludes the applicability of heavyweight security designs. To address the challenges, we propose a novel dependable and secure data storage scheme with dynamic integrity assurance in this paper. Based on the principle of secret sharing and erasure coding, we first propose a hybrid share generation and distribution scheme to achieve reliable and fault-tolerant initial data storage by providing redundancy for original data components. To further dynamically ensure the integrity of the distributed data shares, we then propose an efficient data integrity verification scheme exploiting the technique of algebraic signatures. The proposed scheme enables individual sensors to verify in one protocol execution all the pertaining data shares simultaneously in the absence of the original data. Extensive security and performance analysis shows that the proposed schemes have strong resistance against various attacks and are practical for WSNs.
Secure range queries in tiered sensor networks
- in Proc. IEEE INFOCOM, 2009, pp
- Cited by 25 (6 self)
Abstract—We envision a two-tier sensor network which consists of resource-rich master nodes at the upper tier and resource-poor sensor nodes at the lower tier. Master nodes collect data from sensor nodes and answer the queries from the network owner. The reliance on master nodes for data storage and query processing raises concerns about both data confidentiality and query-result correctness in hostile environments. In particular, a compromised master node may leak hosted sensitive data to the adversary; it may also return juggled or incomplete data in response to a query. This paper presents a novel spatiotemporal crosscheck approach to ensure secure range queries in event-driven two-tier sensor networks. It offers data confidentiality by preventing master nodes from reading hosted data and also enables efficient range-query processing. More importantly, it allows the network owner to verify with very high probability whether a query result is authentic and complete by examining the spatial and temporal relationships among the returned data. The high efficacy and efficiency of our approach are confirmed by detailed performance evaluations.
Fdac: Toward fine-grained distributed data access control in wireless sensor networks
- IEEE Transactions on Parallel and Distributed Systems, 2011
- Cited by 18 (2 self)
Abstract—Distributed sensor data storage and retrieval have gained increasing popularity in recent years for supporting various applications. While distributed architecture enjoys a more robust and fault-tolerant wireless sensor network (WSN), such architecture also poses a number of security challenges especially when applied in mission-critical applications such as battlefield and e-healthcare. First, as sensor data are stored and maintained by individual sensors and unattended sensors are easily subject to strong attacks such as physical compromise, it is significantly harder to ensure data security. Second, in many mission-critical applications, fine-grained data access control is a must as illegal access to the sensitive data may cause disastrous results and/or be prohibited by the law. Last but not least, sensor nodes usually are resource-constrained, which limits the direct adoption of expensive cryptographic primitives. To address the above challenges, we propose, in this paper, a distributed data access control scheme that is able to enforce fine-grained access control over sensor data and is resilient against strong attacks such as sensor compromise and user colluding. The proposed scheme exploits a novel cryptographic primitive called attribute-based encryption (ABE), tailors, and adapts it for WSNs with respect to both performance and security requirements. The feasibility of the scheme is demonstrated by experiments on real sensor platforms. To our best knowledge, this paper is the first to realize distributed fine-grained data access control for WSNs. Index Terms—Data access control, wireless sensor network, distributed storage, attribute-based encryption.
A simple non-interactive pairwise key establishment scheme in sensor networks
- in Proc. IEEE Communications Society Conf. Sensor, Mesh and Ad Hoc Communications and Networks (SECON), 2009
- Cited by 14 (7 self)
Abstract—As a security primitive, key establishment plays the most crucial role in the design of the security mechanisms. Unfortunately, the resource limitation of sensor nodes poses a great challenge for designing an efficient and effective key establishment scheme for wireless sensor networks (WSNs). In spite of the fact that many elegant and clever solutions have been proposed, no practical key establishment scheme has emerged. In this paper, a ConstrAined Random Perturbation-based pairwise keY establishment (CARPY) scheme and its variant, a CARPY+ scheme, for WSNs, are presented. Compared to all existing schemes which satisfy only some requirements in so-called sensor-key criteria, including 1) resilience to the adversary’s intervention, 2) directed and guaranteed key establishment, 3) resilience to network configurations, 4) efficiency, and 5) resilience to dynamic node deployment, the proposed CARPY+ scheme meets all require-
Secure and fault-tolerant event boundary detection in wireless sensor networks
- IEEE Transactions on Wireless Communications, 2008
- Cited by 12 (0 self)
Abstract — Event boundary detection is in and of itself a useful application in wireless sensor networks (WSNs). Typically, it includes the detection of a large-scale spatial phenomenon such as the transportation front line of a contamination or the diagnosis of network health. In this paper, we present SEBD, a fully distributed and light-weight Secure Event Boundary Detection scheme, which implements secure and fault-tolerant detection of event boundaries in an adversarial environment. An efficient key establishment protocol is first proposed which establishes location based keys at each sensor node to secure the communications. The idea of location-based keys also effectively minimizes the impact of node compromise such that a compromised node cannot impersonate other nodes at locations other than where it is. Then a collaborative endorsement scheme is designed to allow multiple nodes collectively endorsing a valid boundary claim for increased resilience against node compromise. SEBD further develops an enhanced (nonparametric) statistical model that supports localized detection and shows a much better accuracy and fault tolerance property as compared to previous models. The security strength and performance of SEBD are evaluated by both analysis and simulations. Index Terms — Security, wireless sensor network, event boundary detection.
Security Services in Wireless Sensor Networks Using Sparse Random Coding
- Cited by 10 (0 self)
Abstract — The task of providing security services for wireless sensor networks is not trivial due to the resource constraints of the sensor nodes. An adversary may launch a wide range of attacks including eavesdropping, message forgery, packet dropping, and noise injection. In this paper, we propose random coding security (RCS) that provides protection against all the aforementioned attacks. For this purpose, the proposed protocol makes extensive use of node collaboration and data redundancy. Moreover, using location information, we both localize adversarial activities to the area under attack and enhance routing the data toward the sink. The objectives of using the novel idea of sparse random coding in RCS are twofold. First, every node generates correlated data by calculating random linear combinations of the received packets. Hence, the availability of the data at the receiver is guaranteed with a high probability. The second advantage is the feasibility of implementing the RCS in the real case scenario in which the communication media between the sensors is usually modeled as the erasure channel. The existing protocols cannot be trivially modified to suit this realistic situation. In the overall, RCS provides many security services with computation and communication overheads comparable with other schemes.
Modeling secure connectivity of self-organized wireless ad hoc networks
- in IEEE INFOCOM
- Cited by 7 (2 self)
Abstract—Wireless ad hoc networks (WANETs) offer communications over a shared wireless channel without any pre-existing infrastructure. Forming peer-to-peer security associations in self-organized WANETs is more challenging than in conventional networks due to the lack of central authorities. In this paper, we propose a generic model to evaluate the relationship of connectivity, memory size, communication overhead and security in fully self-organized WANETs. Based on some reasonable assumptions on node deployment and mobility, we show that when the average number of authenticated neighbors of each node is Θ(1), with respect to the network size n, most of the nodes can be securely connected, forming a connected secure backbone, i.e., the secure network percolates. This connected secure backbone can be utilized to break routing-security dependency loop, and provide enough derived secure links connecting isolated nodes with the secure backbone in a multi-hop fashion, which leads to the secure connectivity of the whole network.
Secure and efficient multicast in wireless sensor networks allowing ad hoc group formation
- IEEE Trans. Veh. Tech, 2009
- Cited by 4 (0 self)
Abstract—Multicast security is one of the most important security services in wireless sensor networks (WSNs) since it enables a sink to multicast messages to sensors in a secure manner. While multicast authentication has widely been addressed in the literature, the problem of multicast encryption still remains open in WSNs. In this paper, we propose a multicast encryption scheme called global-partition, local-diffusion (GPLD) that focuses on scheme efficiency and supports various multicast group semantics. GPLD partitions sensors into a series of elementary groups using their location and class information and accordingly builds a location-class-aware symmetric key management framework. Furthermore, the scheme leverages the fact that sensors are both end receivers and routers, which effectively minimizes global (sink-to-sensor) group key distribution and rekeying traffic while supporting various multicast group semantics. The efficiency and security properties of GPLD are justified through both analysis and simulations. Index Terms—Efficiency, encryption, location, multicast security, rekey traffic, sensor networks.