DARE: evaluating Data Accuracy using node REputation

Typical wireless sensor networks (WSNs) applications are characterized by a certain number of different requirements such as: data accuracy, localization, reputation, security, and confidentiality. Moreover, being often battery powered, WSNs face the challenge of ensuring privacy and security despite power consumption limitations. When the application scenario allows their use, data aggregation techniques can significantly reduce the amount of data exchanged over the wireless link at the price of an increased computational complexity and the potential exposition to data integrity risks in the presence of malicious nodes. In this paper, we propose DARE, an hybrid architecture combining WSNs with the wireless mesh networking paradigm in order to provide secure data aggregation and node reputation in WSNs. Finally, the use of a secure verifiable multilateration technique allows the network to retain the trustworthiness of aggregated data even in the presence of malicious node. Extensive performance evaluations carried out using simulations as well as a real-world prototype implementation, show that DARE can effectively reduce the amount of data exchanged over the wireless medium delivering up to 50% battery lifetime improvement to the wireless sensors.     

A reliable recommendation and privacy-preserving based cross-layer reputation mechanism for mobile cloud computing

Mobile cloud computing (MCC) is gaining popularity due to anywhere anytime data access. However, at the same time it also introduces the new privacy and security threats that have become an obstacle to the widespread use and popularity of MCC. In this paper, we propose a reliable recommendation and privacy preserving based cross-layer reputation mechanism (RP-CRM) to provide secure and privacy-aware communication process in wireless mesh networks (WMNs) based MCC (WM-MCC). RP-CRM integrates the cross-layer design with recommendation reputation reliability evaluation mechanism and the privacy preserving scheme to identify and manage the internal malicious nodes and protect the security and privacy against internal multi-layer attack, bad mouthing attack and information disclosure attack. Simulation results and performance analysis demonstrate that RP-CRM can provide rapid and accurate malicious node identification and management, and provide security and privacy protection against aforementioned attacks more effectively and efficiently.     

Management and applications of trust in Wireless Sensor Networks: A survey

Wireless Sensors Networks (WSNs) are susceptible to many security threats, and because of communication, computation and delay constraints of WSNs, traditional security mechanisms cannot be used. Trust management models have been recently suggested as an effective security mechanism for WSNs. Considerable research has been done on modeling and managing trust. In this paper, we present a detailed survey on various trust models that are geared towards WSNs. Then, we analyze various applications of trust models. They are malicious attack detection, secure routing, secure data aggregation, secure localization and secure node selection. In addition, we categorize various types of malicious attacks against trust models and analyze whether the existing trust models can resist these attacks or not. Finally, based on all the analysis and comparisons, we list several trust best practices that are essential for developing a robust trust model for WSNs.     

Enhanced Security with Improved Defensive Routing Mechanism in Wireless Sensor Networks

In recent scenario of Wireless Sensor Networks (WSNs), there are many application developed for handling sensitive and private data such as military information, surveillance data, tracking, etc. Hence, the sensor nodes of WSNs are distributed in an intimidating region, which is non-rigid to attacks. The recent research domains of WSN deal with models to handle the WSN communications against malicious attacks and threats. In traditional models, the solution has been made for defending the networks, only to specific attacks. However, in real-time applications, the kind of attack that is launched by the adversary is not known. Additionally, on developing a security mechanism for WSN, the resource constraints of sensor nodes are also to be considered. With that note, this paper presents an Enhanced Security Model with Improved Defensive Routing Mechanism (IDRM) for defending the sensor network from various attacks. Moreover, for efficient model design, the work includes the part of feature evaluation of some general attacks of WSNs. The IDRM also includes determination of optimal secure paths and Node security for secure routing operations. The performance of the proposed model is evaluated with respect to several factors; it is found that the model has achieved better security levels and is efficient than other existing models in WSN communications. It is proven that the proposed IDRM produces 74% of PDR in average and a minimized packet drop of 38% when comparing with the existing works.     

Location-Aware Combinatorial Key Management Scheme for Clustered Sensor Networks

Recent advances in wireless sensor networks (WSNs) are fueling the interest in their application in a wide variety of sensitive settings such as battlefield surveillance, border control, and infrastructure protection. Data confidentiality and authenticity are critical in these settings. However, the wireless connectivity, the absence of physical protection, the close interaction between WSNs and their physical environment, and the unattended deployment of WSNs make them highly vulnerable to node capture as well as a wide range of network-level attacks. Moreover, the constrained energy, memory, and computational capabilities of the employed sensor nodes limit the adoption of security solutions designed for wire-line and wireless networks. In this paper, we focus on the management of encryption keys in large-scale clustered WSNs. We propose a novel distributed key management scheme based on Exclusion Basis Systems (EBS); a combinatorial formulation of the group key management problem. Our scheme is termed SHELL because it is Scalable, Hierarchical, Efficient, Location-aware, and Light-weight. Unlike most existing key management schemes for WSNs, SHELL supports rekeying and, thus, enhances network security and survivability against node capture. SHELL distributes key management functionality among multiple nodes and minimizes the memory and energy consumption through trading off the number of keys and rekeying messages. In addition, SHELL employs a novel key assignment scheme that reduces the potential of collusion among compromised sensor nodes by factoring the geographic location of nodes in key assignment. Simulation results demonstrate that SHELL significantly boosts the network resilience to attacks while conservatively consuming nodes' resources.     

Detecting node replication attacks in wireless sensor networks: A survey

A wireless sensor network (WSN) consists of a number of tiny, low-cost, and resource-constrained sensor nodes, but is often deployed in unattended and harsh environments to perform various monitoring tasks. As a result, WSNs are susceptible to many application-dependent and application-independent attacks. In this paper we consider a typical threat in the latter category known as the node replication attack, where an adversary prepares her own low-cost sensor nodes and deceives the network into accepting them as legitimate ones. To do so, the adversary only needs to physically capture one node, extract its secret credentials, reproduce the node in large quantity, and then deploy the replicas under her control into the network, possibly at strategic positions, to cripple various WSN applications with little effort. Defending against such node replication attacks has recently become an imperative research topic in sensor network security, and the design issues may involve different and more threatening challenges than detecting typical application-dependent attacks. In this survey, we classify existent detections in the literature, and explore the various proposals in each category. We look into necessary technical details and make certain comparisons, so as to demonstrate their respective contributions as well as limitations. We also present the technical challenges and indicate some possible directions for future research.     

SCOUT: a sink camouflage and concealed data delivery paradigm for circumvention of sink-targeted cyber threats in wireless sensor networks

In modern epoch of cyber warfare and their countermeasures, wireless sensor networks (WSNs) are highly susceptible to cyber attacks due to their primary reliance over sink. WSNs perform routing and communication to deliver data from sources to sink. In this many-to-one communication paradigm, while some failure might be affordable at the many sources side, the single sink cannot be allowed any downtime, let alone be a failure. In a WSN security attack scenario, an attacker makes efforts to bring a sink down by identifying and capturing it. The current state of the art in sink protection schemes prevents such failures by preserving its privacy through letting it operate in promiscuous and all-the-time listening mode. However, such operation is still vulnerable to privacy divulgence because the attacker detects its all-the-time listening operation and identifies it. Furthermore, listening is an energy-expensive operation in WSNs that makes the sink battery die very quickly. In this paper, we propose a new sink privacy preservation scheme that defines the role of cooperating nodes. These cooperating nodes create a camouflage around the sink such that the location of the sink is never revealed. Such operational dispositioning reduces the susceptibility of WSNs generally and sink, particularly against the sink-targeted cyber attacks. Since the sink adopts sleep schedule, our scheme is energy efficient as well.     

面向无线传感器网络的分层路由信任模型

针对无线传感器网络内部不能有效地检测出恶意节点攻击所引发的安全问题,提出一种面向无线传感器网络分层路由的信任模型。该模型能发现来自网络内部攻击的恶意节点并将其排除,提高了无线传感器网络的安全性能。实验结果表明,与TLEACH协议相比,在恶意节点攻击时,该模型的敏感性提高了5%,信任值幅度增加了10%。     

Detecting Sybil attacks in Wireless Sensor Networks using neighboring information

As the prevalence of Wireless Sensor Networks (WSNs) grows in the military and civil domains, the need for network security has become a critical concern. In a Sybil attack, the WSN is subverted by a malicious node which forges a large number of fake identities in order to disrupt the network’s protocols. In attempting to protect WSNs against such an attack, this paper develops a scheme in which the node identities are verified simply by analyzing the neighboring node information of each node. The analytical results confirm the efficacy of the approach given a sufficient node density within the network. The simulation results demonstrate that for a network in which each node has an average of 9 neighbors, the scheme detects 99% of the Sybil nodes with no more than a 4% false detection rate. The experiment result shows that the Sybil nodes can still be identified when the links are not symmetric.     

基于分布式认证的完整性保护数据融合方案

针对无线传感器网络(WSN)数据融合中存在的数据完整性保护问题,在双簇头安全融合（DCSA）方案的基础上,提出一个安全高效的数据融合方案,通过在节点间加入对称密钥,采用分布式验证方法,使节点认证与融合同时进行,在向上融合的过程中立即证实子节点融合数据的完整性。同时,利用红黑簇头的监督特性,能够定位恶意节点,增强抗共谋攻击能力。实验结果表明,所提方案在保证与DCSA相同安全等级的前提下,能够及早检测并丢弃错误数据,提高了完整性检测机制的效率,且具有更低的网络能耗。     

移动群智感知中原始数据隐私保护算法

随着移动智能设备的普及,移动群智感知（MCS）得到广泛应用的同时面临着严重的隐私泄露问题。针对现有的移动群智感知中的原始数据隐私保护方案不能抵御共谋攻击,降低了感知数据可用性的情况,提出一种基于移动节点的数据隐私保护算法（DPPMN）。首先,使用DPPMN中的节点管理器建立在线节点列表并将其发送给源节点,源节点通过列表构建数据传输的匿名路径;然后,使用paillier加密方案加密数据;接着,将密文沿路径上传至应用服务器;最后,服务器解密密文得到所需的感知数据。在数据传输时使用加解密操作,确保了攻击者不能窃听感知数据的内容,且无法沿路径追溯数据的来源。DPPMN能保证应用服务器在不侵犯节点隐私的情况下访问原始数据。理论分析和实验结果表明,DPPMN在增加适当通信量的情况下,具有较高的数据安全性,可以在抵御共谋攻击的同时不影响数据的可用性。     

一种分层式无线传感器网络密钥分配管理方案

当传感器节点部署在开放的、无人照看、无物理保护的环境下,安全问题变得非常重要,即它们极易受到不同类型的恶意攻击.论文针对分层组织的无线传感器网络提出了一种安全的密钥管理方案,这种方案在一个簇中高效地分配密钥并更新预先部署的密钥以减轻对节点的有害攻击.     

A sinkhole resilient protocol for wireless sensor networks: Performance and security analysis

This work focuses on: (1) understanding the impact of selective forwarding attacks on tree-based routing topologies in wireless sensor networks (WSNs), and (2) investigating cryptography-based strategies to limit network degradation caused by sinkhole attacks. The main motivation of our research stems from the following observations. First, WSN protocols that construct a fixed routing topology may be significantly affected by malicious attacks. Second, considering networks deployed in a difficult to access geographical region, building up resilience against such attacks rather than detection is expected to be more beneficial. We thus first provide a simulation study on the impact of malicious attacks based on a diverse set of parameters, such as the network scale and the position and number of malicious nodes. Based on this study, we propose a single but very representative metric for describing this impact. Second, we present the novel design and evaluation of two simple and resilient topology-based reconfiguration protocols that broadcast cryptographic values. The results of our simulation study together with a detailed analysis of the cryptographic overhead (communication, memory, and computational costs) show that our reconfiguration protocols are practical and effective in improving resilience against sinkhole attacks, even in the presence of collusion.     

移动群智感知中原始数据隐私保护算法

随着移动智能设备的普及，移动群智感知（MCS）得到广泛应用的同时面临着严重的隐私泄露问题。针对现有的移动群智感知中的原始数据隐私保护方案不能抵御共谋攻击，降低了感知数据可用性的情况，提出一种基于移动节点的数据隐私保护算法（DPPMN）。首先，使用DPPMN中的节点管理器建立在线节点列表并将其发送给源节点，源节点通过列表构建数据传输的匿名路径；然后，使用paillier加密方案加密数据；接着，将密文沿路径上传至应用服务器；最后，服务器解密密文得到所需的感知数据。在数据传输时使用加解密操作，确保了攻击者不能窃听感知数据的内容，且无法沿路径追溯数据的来源。DPPMN能保证应用服务器在不侵犯节点隐私的情况下访问原始数据。理论分析和实验结果表明，DPPMN在增加适当通信量的情况下，具有较高的数据安全性，可以在抵御共谋攻击的同时不影响数据的可用性。     

基于信誉模型的WSN密钥管理方案

针对无线传感器网络（WSN）的安全问题,结合椭圆曲线密码体制,提出一种基于信誉模型的WSN密钥管理方案。依据Beta分布建立节点信誉模型,采用分布式技术使方案支持节点的移动和密钥的动态管理,以避免分组密钥管理中的单点失效现象。分析结果表明,与E—G和IBC方案相比,该方案不仅能抵御外部节点的攻击,而且能防止内部节点的恶意行为。在保证网络安全的同时,还能提高网络抗毁性和节点连接概率,降低存储与通信开销。     

A collaborative routing protocol against routing disruptions in MANETs

Mobile ad hoc networks (MANETs) are vulnerable to active attacks, such as dropping attacks, replay attacks, collusion attacks, and tampering attacks. Many researches have been proposed to provide security transmission. However, they cannot effectively and efficiently resist colluding attacks. Therefore, we propose a collaborative routing protocol (CRP) to detect and isolate colluding attackers via monitor mechanism. Monitor nodes observe and record the behavior of intermediate nodes. Based on the records of intermediate nodes, source node can distinguish malicious nodes and isolate them. Finally, security analyses and simulation verify that CRP can effectively and efficiently resist black hole attacks, gray hole attacks, modify and fake packet attacks, rushing attacks, and collusion attacks.     

基于分簇的节点复制攻击入侵检测方法

部署于敌对环境的传感器网络,其节点可能被敌方俘获解析并构成恶意节点。再重新布放于网络,对网络进行攻击。针对上述问题,提出一种新的无线传感器网络节点复制攻击检测方法。这种方法将集中检测和分布检测相结合,在分簇传感器网络中分别利用簇头和基站进行复制攻击检测。仿真结果表明:该法克服了单独采用分布检测或集中检测的缺点,其检测率和通信成本均优于分布式方法,其网络生命周期优于集中式方法。     

CHEMAS: Identify suspect nodes in selective forwarding attacks

Selective forwarding attacks may corrupt some mission-critical applications such as military surveillance and forest fire monitoring in wireless sensor networks. In such attacks, most of the time malicious nodes behave like normal nodes but will from time to time selectively drop sensitive packets, such as a packet reporting the movement of the opposing forces, and thereby make it harder to detect their malicious nature. In this paper, we propose CHEMAS (CHEckpoint-based Multi-hop Acknowledgement Scheme), a lightweight security scheme for detecting selective forwarding attacks. Our scheme can randomly select part of intermediate nodes along a forwarding path as checkpoint nodes which are responsible for generating acknowledgements for each packet received. The strategy of random-checkpoint-selection significantly increases the resilience against attacks because it prevents a proportion of the sensor nodes from becoming the targets of attempts to compromise them. In our scheme, each intermediate node in a forwarding path, if it does not receive enough acknowledgements from the downstream checkpoint nodes, has the potential to detect abnormal packet loss and identify suspect nodes. We explore the feasibility of our detection scheme using both theoretical analysis and simulations. The simulation results show that our scheme can achieve a high detection rate, even in harsh radio conditions. The communication overhead incurred by our scheme is also within reasonable bounds.     

基于多元分类的无线传感器网络恶意节点检测算法

无线传感器网络是一个暴露在开放环境中的分布式网络,各节点之间相互独立,缺乏中心节点和监控节点,极易受到恶意节点的攻击.为了对无线传感器网络中的大量传感器节点进行恶意节点检测,提出了一种基于多元分类的恶意节点检测方法.提出的检测方法是在已知少量传感器节点类型的前提下,抽取与已知恶意节点类型相关的传感器节点属性,建立关于全...     

DLRDG: distributed linear regression-based hierarchical data gathering framework in wireless sensor network

For many applications in wireless sensor network (WSN), the gathering of the holistic sensor measurements is difficult due to stringent constraint on network resources, frequent link, indeterminate variations in sensor readings, and node failures. As such, sensory data extraction and prediction technique emerge to exploit the spatio-temporal correlation of measurements and represent samples of the true state of the monitoring area at a minimal communication cost. In this paper, we present DLRDG strategy, a distributed linear regression-based data gathering framework in clustered WSNs. The framework can realize the approximate representation of original sensory data by less than a prespecified threshold while significantly reducing the communication energy requirements. Cluster-head (CH) nodes in WSN maintain linear regression model and use historical sensory data to perform estimation of the actual monitoring measurements. Rather than transmitting original measurements to sink node, CH nodes communicate constraints on the model parameters. Relying on the linear regression model, we improved the CH node function of representative EADEEG (an energy-aware data gathering protocol for WSNs) protocol for estimating the energy consumption of the proposed strategy, under specific settings. The theoretical analysis and experimental results show that the proposed framework can implement sensory data prediction and extracting with tolerable error bound. Furthermore, the designed framework can achieve more energy savings than other schemes and maintain the satisfactory fault identification rate on case of occurrence of the mutation sensor readings.