Showing papers by "Sanjeev Setia published in 2007"
01 Dec 2007
TL;DR: The results show that Localized Multicast is more efficient than previous distributed approaches in terms of communication and memory costs and the probability of detecting node replicas is much higher than that achieved in previous distributed protocols.
Abstract: Wireless sensor nodes lack hardware support for tamper- resistance and are often deployed in unattended environments, thus leaving them vulnerable to capture and compromise by an adversary. In a node replication attack, an adversary uses the credentials of a compromised node to surreptitiously introduce replicas of that node into the network. These replicas are then used to launch a variety of attacks that subvert the goal of the sensor application, and the operation of the underlying protocols. We present a novel distributed approach called Localized Multicast for detecting node replication attacks. We evaluate the performance and security of our approach both theoretically and via simulation. Our results show that Localized Multicast is more efficient than previous distributed approaches in terms of communication and memory costs. Further, in our approach, the probability of detecting node replicas is much higher than that achieved in previous distributed protocols.
130 citations
TL;DR: Three interleaved hop-by-hop authentication schemes are presented that guarantee that the base station can detect injected false data immediately when no more than t nodes are compromised, where t is a system design parameter.
Abstract: Sensor networks are often deployed in unattended environments, thus leaving these networks vulnerable to false data injection attacks in which an adversary injects false data into the network with the goal of deceiving the base station or depleting the resources of the relaying nodes. Standard authentication mechanisms cannot prevent this attack if the adversary has compromised one or a small number of sensor nodes. We present three interleaved hop-by-hop authentication schemes that guarantee that the base station can detect injected false data immediately when no more than t nodes are compromised, where t is a system design parameter. Moreover, these schemes enable an intermediate forwarding node to detect and discard false data packets as early as possible. Our performance analysis shows that our scheme is efficient with respect to the security it provides, and it also allows a tradeoff between security and performance. A prototype implementation of our scheme indicates that our scheme is practical and can be deployed on the current generation of sensor nodes.
68 citations
TL;DR: A bandwidth-efficient scheme that seamlessly integrates network access control and group key management, and a DoS-resilient key distribution scheme that delivers updated keys to a large fraction of nodes with high probability even if an attacker can selectively compromise nodes in the multicast data delivery hierarchy and command these compromised nodes to drop keying packets.
15 citations