DOI: 10.1145/1514274.1514308
research-article

A confidential and DoS-resistant multi-hop code dissemination protocol for wireless sensor networks

Published: 16 March 2009

Abstract

Code dissemination protocols provide a convenient way to update program images via wireless communication. Due to the open environment in which Wireless Sensor Networks (WSNs) are typically deployed, it is important that a code dissemination protocol ensures that a program image update can be authenticated as coming from a trusted source. In some applications it is also required that the data be kept confidential in spite of the possibility of message interception. Authentication and confidentiality are implemented through cryptographic operations which may be expensive in power consumption, making a protocol with these features vulnerable to attack by an adversary who transmits forged data, forcing nodes to waste energy in identifying it as invalid (i.e., a signature-based DoS attack). Additionally, in multi-hop dissemination protocols, each sensor node is required to broadcast its program image when requested by its neighbors. An adversary could repeatedly send spurious program image requests to its neighbors, making them exhaust their energy reserves (i.e., a request-based DoS attack). In this paper, we present a new approach to achieve confidentiality in multi-hop code dissemination. We propose counter-measures against both types of DoS attacks mentioned above. To our knowledge, we are the first to integrate confidentiality and DoS-attack-resistance in a multi-hop code dissemination protocol. Our approach is based on Deluge, an open source, state-of-the-art code dissemination protocol for WSNs. In addition, we provide a performance evaluation in terms of latency and energy consumption in our scheme, compared with the original Deluge and the existing secure Deluge.



          Reviews

          Jesus Villadangos

          Tan et al. propose a protocol to resolve both confidentiality and denial-of-service (DoS) attacks in multi-hop wireless sensor networks (WSNs). Two specific security problems exist due to a WSN's limitations on energy consumption and computation power: in a signature-based DoS attack, "an adversary who transmits forged data ... [forces] nodes to waste energy in identifying it as invalid"; in a request-based DoS attack, an adversary "repeatedly send[s] spurious program image requests to its neighbors, making them exhaust their energy reserves." In both cases, the adversary can exhaust the elements (sensors) of the network, compromising the network service. Thus, Tan et al. propose a protocol that works on the confidentiality of the data and avoids unnecessary message forwarding. The basic idea of the algorithm is illustrated in Figure 2. The algorithm works at the packet level, and uses a version number, a cipher puzzle, and a version key. These parameters are validated before decryption takes place; the values are easy to calculate, but difficult to extract, because the complete set of packets is required. The computation power is reduced, since it is more efficient than the decryption of the whole packet. Additionally, the algorithm stores the number of times a packet has been forwarded, which helps avoid request-based DoS attacks. The protocol "is based on Deluge, an open source, state-of-the-art code dissemination protocol for WSNs." It employs the same three-stage process for data dissemination: advertisement, request, and update. The authors compare their proposal with "the original Deluge and the existing secure Deluge." Although this newly proposed protocol consumes more energy, its added verifications help to avoid signature-based and request-based DoS attacks. This paper analyzes the performance of the algorithms in the presence of signature-based and request-based attacks. 
Unfortunately, the authors do not compare their proposal with other protocols.

Online Computing Reviews Service


          Published In

          WiSec '09: Proceedings of the second ACM conference on Wireless network security
          March 2009
          280 pages
          ISBN:9781605584607
          DOI:10.1145/1514274

          Publisher

          Association for Computing Machinery

          New York, NY, United States


          Author Tags

          1. broadcast authentication
          2. code dissemination protocols
          3. code distribution
          4. sensor network security

          Qualifiers

          • Research-article

          Conference

          WISEC '09

          Acceptance Rates

          Overall Acceptance Rate 98 of 338 submissions, 29%
