Practical and secure localization and key distribution for wireless sensor networks

In many applications of wireless sensor networks, sensor nodes are manually deployed in hostile environments where an attacker can disrupt the localization service and tamper with legitimate in-network communication. In this article, we introduce Secure Walking GPS, a practical and cost effective secure localization and key distribution solution for real, manual deployments of WSNs. Using the location information provided by the GPS and inertial guidance modules on a special master node, Secure Walking GPS achieves accurate node localization and location-based key distribution at the same time. We evaluate our localization solution in real deployments of MicaZ. Our experiments show that 100% of the deployed nodes localize (i.e., have a location position) and that the average localization errors are within 1–2 m, due mainly to the limitations of the existing commercial GPS devices. Our further analysis and simulation results indicate that the Secure Walking GPS scheme makes a deployed WSN resistant to the Dolev-Yao, the wormhole, and the GPS-denial attacks, the scheme is practical for large-scale deployments with resource-constrained sensor nodes and has good localization and key distribution performance.     

Privacy preservation in wireless sensor networks: A state-of-the-art survey

Much of the existing work on wireless sensor networks (WSNs) has focused on addressing the power and computational resource constraints of WSNs by the design of specific routing, MAC, and cross-layer protocols. Recently, there have been heightened privacy concerns over the data collected by and transmitted through WSNs. The wireless transmission required by a WSN, and the self-organizing nature of its architecture, makes privacy protection for WSNs an especially challenging problem. This paper provides a state-of-the-art survey of privacy-preserving techniques for WSNs. In particular, we review two main categories of privacy-preserving techniques for protecting two types of private information, data-oriented and context-oriented privacy, respectively. We also discuss a number of important open challenges for future research. Our hope is that this paper sheds some light on a fruitful direction of future research for privacy preservation in WSNs.     

Elliptic key cryptography with Beta Gamma functions for secure routing in wireless sensor networks

Wireless Networks - The security of data communicated through wireless networks is a challenging issue due to the presence of malicious and unauthenticated users whose intention is either to...     

An efficient heterogeneous key management approach for secure multicast communications in ad hoc networks

In a mobile wireless ad hoc network, mobile nodes cooperate to form a network without using any infrastructure such as access points or base stations. Instead, the mobile nodes forward packets for each other, allowing communication among nodes outside wireless transmission range. As the use of wireless networks increases, security in this domain becomes a very real concern. One fundamental aspect of providing confidentiality and authentication is key distribution. While public-key encryption has provided these properties historically, ad hoc networks are resource constrained and benefit from symmetric key encryption. In this paper, we propose a new key management mechanism to support secure group multicast communications in ad hoc networks. The scheme proposes a dynamic construction of hierarchical clusters based on a novel density function adapted to frequent topology changes. The presented mechanism ensures a fast and efficient key management with respect to the sequential 1 to n multicast service.     

A state-of-the-art survey on wireless rechargeable sensor networks: perspectives and challenges

Wireless Networks - Wireless rechargeable sensor network (WRSN) is an emerging technology that has risen intending to enhance network lifetime of the conventional wireless sensor networks (WSNs)....     

Location dependent key management in sensor networks without using deployment knowledge

In this paper we propose an approach for key management in sensor networks which takes the location of sensor nodes into consideration while deciding the keys to be deployed on each node. As a result, this approach not only reduces the number of keys that have to be stored on each sensor node but also provides for the containment of node compromise. Thus compromise of a node in a location affects the communications only around that location. This approach which we call as location dependent key management does not require any knowledge about the deployment of sensor nodes. The proposed scheme starts off with loading a single key on each sensor node prior to deployment. The actual keys are then derived from this single key once the sensor nodes are deployed. The proposed scheme allows for additions of sensor nodes to the network at any point in time. We study the proposed scheme using both analysis and simulations and point out the advantages.     

SeRWA: A secure routing protocol against wormhole attacks in sensor networks

A wormhole attack is particularly harmful against routing in sensor networks where an attacker receives packets at one location in the network, tunnels and then replays them at another remote location in the network. A wormhole attack can be easily launched by an attacker without compromising any sensor nodes. Since most of the routing protocols do not have mechanisms to defend the network against wormhole attacks, the route request can be tunneled to the target area by the attacker through wormholes. Thus, the sensor nodes in the target area build the route through the attacker. Later, the attacker can tamper the data, messages, or selectively forward data messages to disrupt the functions of the sensor network. Researchers have used some special hardware such as the directional antenna and the precise synchronized clock to defend the sensor network against wormhole attacks during the neighbor discovery process. In this paper, we propose a Secure Routing protocol against wormhole attacks in sensor networks (SeRWA). SeRWA protocol avoids using any special hardware such as the directional antenna and the precise synchronized clock to detect a wormhole. Moreover, it provides a real secure route against the wormhole attack. Simulation results show that SeRWA protocol only has very small false positives for wormhole detection during the neighbor discovery process (less than 10%). The average energy usage at each node for SeRWA protocol during the neighbor discovery and route discovery is below 25 mJ, which is much lower than the available energy (15 kJ) at each node. The cost analysis shows that SeRWA protocol only needs small memory usage at each node (below 14 kB if each node has 20 neighbors), which is suitable for the sensor network.     

H-SPREAD: a hybrid multipath scheme for secure and reliable data collection in wireless sensor networks

Communication security and reliability are two important issues in any network. A typical communication task in a wireless sensor network is for every sensor node to sense its local environment, and upon request, send data of interest back to a base station (BS). In this paper, a hybrid multipath scheme (H-SPREAD) to improve both the security and reliability of this task in a potentially hostile and unreliable wireless sensor network is proposed. The new scheme is based on a distributed N-to-1 multipath discovery protocol, which is able to find multiple node-disjoint paths from every sensor node to the BS simultaneously in one route discovery process. Then, a hybrid multipath data collection scheme is proposed. On the one hand, end-to-end multipath data dispersion, combined with secret sharing, enhances the security of the end-to-end data delivery in the sense that the compromise of a small number of paths will not result in the compromise of a data message in the face of adversarial nodes. On the other hand, in the face of unreliable wireless links and/or sensor nodes, alternate path routing available at each sensor node improves the reliability of each packet transmission significantly. The extensive simulation results show that the hybrid multipath scheme is very efficient in improving both the security and reliability of the data collection service seamlessly.     

eeTMFO/GA: a secure and energy efficient cluster head selection in wireless sensor networks

Telecommunication Systems - Proliferation of technologies in wireless sensor networks is grabbing huge attention across scientific community due to its vast coverage in real life applications. It...     

Reactive and adaptive monitoring to secure aggregation in wireless sensor networks

Data aggregation is considered as one of the fundamental distributed data processing procedures for saving the energy and minimizing the medium access layer contention in wireless sensor networks. However, sensor networks are likely to be deployed in an untrusted environment, which make them vulnerable against several attacks. A compromised node may forge arbitrary aggregation value and mislead the base station into trusting a false reading. Secure in-network aggregation can detect such manipulation. But, as long as such subversive activity is, reliable aggregation result can not be obtained. In contrast, the collection of individual sensor node values is robust and solves the problem of availability, but in an inefficient way. Our work seeks to bridge this gap in secure data collection. We propose a framework that enhances availability with efficiency close to that of in-network aggregation avoiding over-reliance on sensors. To achieve this, we design a scheme that is built on one core concept: no trust is supposed in any sensor. Therefore, we design a two hierarchical levels of monitoring to ensure the integrity and the accuracy of aggregate result, only when necessary, i.e. only when malicious activities are detected. Relying on this new type of monitoring mechanism, the framework has the ability to recover from aggregator failure without neglecting energy efficiency, providing thus much higher availability than other security protocols.     

SAKE: Software attestation for key establishment in sensor networks

This paper presents a protocol called Software Attestation for Key Establishment (SAKE), for establishing a shared key between any two neighboring nodes of a sensor network. SAKE guarantees the secrecy and authenticity of the key that is established, without requiring any prior authentic or secret cryptographic information in either node. In other words, the attacker can read and modify the entire memory contents of both nodes before SAKE executes. Further, to the best of our knowledge, SAKE is the only protocol that can perform key re-establishment after sensor nodes are compromised, because the presence of the attacker’s code in the memory of either protocol participant does not compromise the security of SAKE. Also, the attacker can perform any active or passive attack using an arbitrary number of malicious, colluding nodes. SAKE does not require any hardware modification to the sensor nodes, human mediation, or secure side channels. However, we do assume the setting of a computationally-limited attacker that does not introduce its own computationally-powerful nodes into the sensor network.SAKE is based on Indisputable Code Execution (ICE), a primitive we introduce in previous work to dynamically establish a trusted execution environment on a remote, untrusted sensor node.     

Querying sensor networks using ad hoc mobile devices: A two-layer networking approach

An interplay between mobile devices and static sensor nodes is envisioned in the near future. This will enable a heterogeneous design space that can offset the stringent resource and power constraints encountered in traditional static sensor networks by taking advantage of the more powerful mobile devices. We present a systematic framework for end-to-end query processing, using a two-layer architecture that consists of mobile devices at the upper layer and static sensor nodes at the bottom layer. The framework employs a “PULL” query model that contains staged operations including query generation, query routing, query injection, and query result routing. Each of these stages of query processing is discussed with an emphasis on techniques for energy-efficient query injection and query result routing with location-ignorant sensor nodes. The techniques leverage the mobility and transmission flexibility of mobile objects at the upper layer. Numeric and simulation results are provided to support the proposed methods.     

Rational function distribution in computer system architectures: key to stable and secure platforms

Many problems faced in implementing computer-based system applications are related to the deployment of commercially available general-purpose computer system platforms. In the provisioning application software products and services, the platforms have often proven to be the most unreliable, costly, and risk-laden system element. There are historical reasons for the current problems that must be understood in order to map out a path for a future where stable and secure platforms can be provided as reliable commercially available system elements. This paper extends a model of function distribution between various hardware and software levels from a previously published result (Lawson, "Function distribution in computer system architectures," presented at the 3rd Annu. Symp. Computer Architecture, 1976). After a review of the revised model, related principles are "reapplied" to the current situation. Alternative paths that can lead to stable and secure computer platforms via the rational distribution of functions are presented. Finally, the need for as well as the potential impact of autonomic computing is described.     

Achieving robust message authentication in sensor networks: a public-key based approach

Given the extremely limited hardware resources on sensor nodes and the inclement deploying environment, the adversary Denial-of-Service (DoS) attack becomes a serious security threat toward wireless sensor networks. Without adequate defense mechanism, the adversary can simply inundate the network by flooding the bogus data packets, and paralyze the partial or whole sensor network by depleting node battery power. Prior work on false packet filtering in sensor networks are mostly based on symmetric key schemes, with the concern that the public key operations are too expensive for the resource constrained sensors. Recent progress in public key implementations on sensors, however, has shown that public key is already feasible for sensors. In this paper, we present PDF, a Public-key based false Data Filtering scheme that leverages Shamir’s threshold cryptography and Elliptic Curve Cryptography (ECC), and effectively rejects 100% of false data packets. We evaluate PDF by real world implementation on MICAz motes. Our experiment results support the conclusion that PDF is practical for real world sensor deployment.     

Mobile-agent-based collaborative signal and information processing in sensor networks

In this paper, we develop an energy-efficient, fault-tolerant approach for collaborative signal and information processing (CSIP) among multiple sensor nodes using a mobile-agent-based computing model. In this model, instead of each sensor node sending local information to a processing center for integration, as is typical in client/server-based computing, the integration code is moved to the sensor nodes through mobile agents. The energy efficiency objective and the fault tolerance objective always conflict with each other and present unique challenge to the design of CSIP algorithms. In general, energy-efficient approaches try to limit the redundancy in the algorithm so that minimum amount of energy is required for fulfilling a certain task. On the other hand, redundancy is needed for providing fault tolerance since sensors might be faulty, malfunctioning, or even malicious. A balance has to be struck between these two objectives. We discuss the potential of mobile-agent-based collaborative processing in providing progressive accuracy while maintaining certain degree of fault tolerance. We evaluate its performance compared to the client/server-based collaboration from perspectives of energy consumption and execution time through both simulation and analytical study. Finally, we take collaborative target classification as an application example to show the effectiveness of the proposed approach.     

One-way hash chain-based self-healing group key distribution scheme with collusion resistance capability in wireless sensor networks

In order to resolve the collusion resistance problem in the one-way hash chain-based self-healing group key distribution schemes and improve the performance of previous self-healing group key distribution schemes, we propose a self-healing group key distribution scheme based on the revocation polynomial and a special one-way hash key chain for wireless sensor networks (WSNs) in this paper. In our proposed scheme, by binding the time at which the user joins the group with the capability of recovering previous group session keys, a new method is addressed to provide the capability of resisting the collusion attack between revoked users and new joined users, and a special one-way hash chain utilization method and some new methods to construct the personal secret, the revocation polynomial and the key updating broadcast packet are presented. Compared with existing schemes under same conditions, our proposed scheme not only supports more revoked users and sessions, but also provides a stronger security. Moreover, our proposed scheme reduces the communication overhead, and is especially suited for a large scale WSN in bad environments where a strong collusion attack resistance capability is required and many users will be revoked.     

A new fuzzy logic approach for reliable communications in wireless underground sensor networks

Wireless Networks - Nowadays, the exploitation of Wireless Underground Sensor Networks (WUSNs) remains challenging because of the attenuation of wireless underground communications. This issue...