skip to main content
10.1145/1352533.1352536acmconferencesArticle/Chapter ViewAbstractPublication PageswisecConference Proceedingsconference-collections
research-article

Pre-authentication filters: providing dos resistance for signature-based broadcast authentication in sensor networks

Published: 31 March 2008 Publication History

Abstract

Recent studies have demonstrated that it is possible to perform public key cryptographic operations on the resource-constrained sensor platforms. However, the significant resource consumption imposed by public key cryptographic operations makes such mechanisms easy targets of Denial- of Service (DoS) attacks. For example, if digital signatures such as ECDSA are used directly for broadcast authentication without further protection, an attacker can simply broadcast forged packets and force the receiving nodes to perform a large number of unnecessary signature verifications, eventually exhausting their battery power. This paper studies how to deal with such DoS attacks when signatures are used for broadcast authentication in sensor networks. In particular, this paper presents two filtering techniques, a group-based filter and a key chain-based filter, to handle DoS attacks against signature verification. Both methods can significantly reduce the number of unnecessary signature verifications that a sensor node has to perform. The analytical results also show that these two techniques are efficient and effective for resource-constrained sensor networks.

References

[1]
I. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci. Wireless sensor networks: A survey. Computer Networks, 38(4):393--422, 2002.
[2]
H. Chan, A. Perrig, and D. Song. Random key predistribution schemes for sensor networks. In IEEE Symposium on Security and Privacy (S&P), pages 197--213, May 2003.
[3]
Crossbow Technology Inc. MICAz 2.4GHz Wireless Module. http://www.xbow.com/Products/productdetails.aspx?sid=164. Accessed in January 2008.
[4]
L. Eschenauer and V. D. Gligor. A key-management scheme for distributed sensor networks. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS), pages 41--47, November 2002.
[5]
N. Gura, A. Patel, and A. Wander. Comparing elliptic curve cryptography and rsa on 8-bit CPUs. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES), August 2004.
[6]
C. Hartung, J. Balasalle, and R. Han. Node compromise in sensor networks: The need for secure systems. Technical Report CU-CS-990-05, U. Colorado at Boulder, Jan. 2005.
[7]
Y. Hu, A. Perrig, and D. Johnson. Packet leashes: A defense against wormhole attacks in wireless ad hoc networks. In Proceedings of INFOCOM, April 2003.
[8]
IEEE Computer Society. IEEE standard for information technology - telecommunications and information exchange between systems - local and metropolitan area networks specific requirements part 15.4: wireless medium access control (MAC) and physical layer (PHY) specifications for low-rate wireless personal area networks (LR-WPANs). IEEE Std 802.15.4-2003, 2003.
[9]
C. Karlof and D. Wagner. Secure routing in wireless sensor networks: Attacks and countermeasures. In Proceedings of 1st IEEE International Workshop on Sensor Network Protocols and Applications, May 2003.
[10]
L. Lazos and R. Poovendran. Serloc: Secure range-independent localization for wireless sensor networks. In ACM workshop on Wireless security (ACM WiSe 2004), Philadelphia, PA, October 1 2004.
[11]
H. Lim and C. Kim. Multicast tree construction and flooding in wireless ad hoc networks. In Proceedings of ACM Modeling, Analysis, and Simulation of Wireless and Mobile Systems, 2000.
[12]
A. Liu and P. Ning. TinyECC: Elliptic curve cryptography for sensor networks. http://discovery.csc.ncsu.edu/software/TinyECC/index.html.
[13]
D. Liu and P. Ning. Establishing pairwise keys in distributed sensor networks. In Proceedings of 10th ACM Conference on Computer and Communications Security (CCS), pages 52--61, October 2003.
[14]
D. J. Malan, M. Welsh, and M. D. Smith. A public-key infrastructure for key distribution in tinyos based on elliptic curve cryptography. In Proceedings of First Annual IEEE Communications Society Conference on Sensor and Ad Hoc Communications and Networks (IEEE SECON 2004), pages 71--80, 2004.
[15]
J. Newsome, R. Shi, D. Song, and A. Perrig. The sybil attack in sensor networks: Analysis and defenses. In Proceedings of IEEE International Conference on Information Processing in Sensor Networks (IPSN 2004), Apr 2004.
[16]
P. Ning, A. Liu, and W. Du. Mitigating dos attacks against broadcast authentication in wireless sensor networks. ACM Transactions on Sensor Networks (TOSN), 4(1), 2008. To appear.
[17]
B. Parno, A. Perrig, and V. Gligor. Distributed detection of node replication attacks in sensor networks. In IEEE Symposium on Security and Privacy, May 2005.
[18]
W. Peng and X. Lu. On the reduction of broadcast redundancy in mobile ad hoc networks. In Proceedings of ACM International Symposium on Mobile and Ad Hoc Networking and Computing, 2000.
[19]
A. Perrig, R. Szewczyk, V. Wen, D. Culler, and D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of Seventh Annual International Conference on Mobile Computing and Networks (MobiCom), July 2001.
[20]
B. Przydatek, D. Song, and A. Perrig. SIA: Secure information aggregation in sensor networks. In Proceedings of the 1st ACM Conference on Embedded Networked Sensor Systems (SenSys), Nov 2003.
[21]
Texas Instruments Inc. 2.4 GHz IEEE 802.15.4 / ZigBee-ready RF Transceiver. http://focus.ti.com/lit/ds/symlink/cc2420.pdf. Accessed in January 2008.
[22]
H. Wang, B. Sheng, C. C. Tan, and Q. Li. WM-ECC: an Elliptic Curve Cryptography Suite on Sensor Motes. Technical Report WM-CS-2007-11, College of William and Mary, Computer Science, Williamsburg, VA, 2007.
[23]
R. Wang, W. Du, and P. Ning. Containing denial-of-service attacks in broadcast authentication in sensor networks. In MobiHoc '07: Proceedings of the 8th ACM international symposium on Mobile ad hoc networking and computing, pages 71--79, New York, NY, USA, 2007. ACM.
[24]
A. D. Wood and J. A. Stankovic. Denial of service in sensor networks. IEEE Computer, 35(10):54--62, 2002.
[25]
S. Zhu, S. Xu, S. Setia, and S. Ja jodia. LHAP: A lightweight hop-by-hop authentication protocol for ad-hoc networks. In Proceedings of the Workshop on Mobile and Wireless Network (MWN), 2003.

Cited By

View all
  • (2025)Broadcast Authentication from a Conditional PerspectiveEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_629(300-302)Online publication date: 8-Jan-2025
  • (2024)Lightweight Multicast Authentication in NoC-based SoCs2024 25th International Symposium on Quality Electronic Design (ISQED)10.1109/ISQED60706.2024.10528746(1-8)Online publication date: 3-Apr-2024
  • (2018)Smartphone-Assisted Over-Air Reprogramming Based on Visible Light Communication2018 14th International Conference on Mobile Ad-Hoc and Sensor Networks (MSN)10.1109/MSN.2018.00025(109-114)Online publication date: Dec-2018
  • Show More Cited By

Index Terms

  1. Pre-authentication filters: providing dos resistance for signature-based broadcast authentication in sensor networks

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    WiSec '08: Proceedings of the first ACM conference on Wireless network security
    March 2008
    234 pages
    ISBN:9781595938145
    DOI:10.1145/1352533
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 31 March 2008

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. DoS attacks
    2. broadcast authentication
    3. security
    4. sensor networks

    Qualifiers

    • Research-article

    Conference

    WISEC '08
    Sponsor:
    WISEC '08: First ACM Conference on Wireless Network Security
    March 31 - April 2, 2008
    VA, Alexandria, USA

    Acceptance Rates

    Overall Acceptance Rate 98 of 338 submissions, 29%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)2
    • Downloads (Last 6 weeks)0
    Reflects downloads up to 18 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2025)Broadcast Authentication from a Conditional PerspectiveEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_629(300-302)Online publication date: 8-Jan-2025
    • (2024)Lightweight Multicast Authentication in NoC-based SoCs2024 25th International Symposium on Quality Electronic Design (ISQED)10.1109/ISQED60706.2024.10528746(1-8)Online publication date: 3-Apr-2024
    • (2018)Smartphone-Assisted Over-Air Reprogramming Based on Visible Light Communication2018 14th International Conference on Mobile Ad-Hoc and Sensor Networks (MSN)10.1109/MSN.2018.00025(109-114)Online publication date: Dec-2018
    • (2015)Social role-based secure large data objects dissemination in mobile sensing environmentComputer Communications10.1016/j.comcom.2015.02.00765:C(27-34)Online publication date: 1-Jul-2015
    • (2015)SecNRCCConcurrency and Computation: Practice & Experience10.1002/cpe.327727:10(2668-2680)Online publication date: 1-Jul-2015
    • (2013)A Lightweight Multicast Authentication Mechanism for Small Scale IoT ApplicationsIEEE Sensors Journal10.1109/JSEN.2013.226611613:10(3693-3701)Online publication date: Oct-2013
    • (2013)A confidential and DoS-resistant multi-hop code dissemination protocol for wireless sensor networksComputers and Security10.1016/j.cose.2012.09.01232:C(36-55)Online publication date: 1-Feb-2013
    • (2013)Mitigating jamming attacks in wireless broadcast systemsWireless Networks10.1007/s11276-013-0574-019:8(1867-1880)Online publication date: 1-Nov-2013
    • (2012)A Survey on Applied Cryptography in Secure Mobile Ad Hoc Networks and Wireless Sensor NetworksWireless Technologies10.4018/978-1-61350-101-6.ch401(864-892)Online publication date: 2012
    • (2012)Using Auxiliary Sensors for Pairwise Key Establishment in WSNACM Transactions on Embedded Computing Systems10.1145/2345770.234577111:3(1-31)Online publication date: 1-Sep-2012
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media