Proceedings Article

Defending DoS Attacks on Broadcast Authentication in Wireless Sensor Networks

TL;DR: This paper presents an effective and efficient scheme that can defend against such DoS attacks on broadcast authentication, and performance evaluation shows that the scheme is much more secure and efficient than an existing scheme.
Abstract: Security is critical for wireless sensor networks deployed in military, homeland security and other hostile environments. In this paper, we study a security issue related to broadcast in sensor networks. Due to the broadcast nature of wireless communications, often it is more efficient to broadcast packets to sensor nodes. Typically, broadcast authentication is achieved by digital signatures. Since digital signature operations are expensive for small sensor nodes, an attacker can launch a serious denial of service (DoS) attack. That is, an attacker may forge a large number of broadcast messages with digital signatures, and then force sensor nodes to verify these signatures, which can cause them to run out of power. In this paper, we present an effective and efficient scheme that can defend against such DoS attacks on broadcast authentication. Our performance evaluation shows that the scheme is much more secure and efficient than an existing scheme.
Citations
Journal Article
TL;DR: This survey will explore the most relevant limitations of IoT devices and their solutions, and present the classification of IoT attacks, and analyze the security issues in different layers.
Abstract: Internet-of-Things (IoT) are everywhere in our daily life. They are used in our homes, in hospitals, deployed outside to control and report the changes in environment, prevent fires, and many more beneficial functionalities. However, all those benefits can come with huge risks of privacy loss and security issues. To secure the IoT devices, many research works have been conducted to counter those problems and find a better way to eliminate those risks, or at least minimize their effects on the user’s privacy and security requirements. The survey consists of four segments. The first segment will explore the most relevant limitations of IoT devices and their solutions. The second one will present the classification of IoT attacks. The next segment will focus on the mechanisms and architectures for authentication and access control. The last segment will analyze the security issues in different layers.

804 citations

Journal Article
TL;DR: This article investigates, highlight, and report premier research advances made in IoT architecture recently, categorize and classify IoT architectures and devise a taxonomy based on important parameters such as applications, enabling technologies, business objectives, architectural requirements, network topologies, and IoT platform architecture types.
Abstract: Recent years have witnessed tremendous growth in the number of smart devices, wireless technologies, and sensors. In the foreseeable future, it is expected that trillions of devices will be connected to the Internet. Thus, to accommodate such a voluminous number of devices, scalable, flexible, interoperable, energy-efficient, and secure network architectures are required. This article aims to explore IoT architectures. In this context, first, we investigate, highlight, and report premier research advances made in IoT architecture recently. Then we categorize and classify IoT architectures and devise a taxonomy based on important parameters such as applications, enabling technologies, business objectives, architectural requirements, network topologies, and IoT platform architecture types. We identify and outline the key requirements for future IoT architecture. A few prominent case studies on IoT are discovered and presented. Finally, we enumerate and outline future research challenges.

492 citations

Journal Article
TL;DR: A new framework model based on a novel feature selection metric approach named CorrAUC is proposed, and a new feature selection algorithm based on the wrapper technique to filter the features accurately and select effective features for the selected ML algorithm by using the area under the curve (AUC) metric.
Abstract: Identification of anomaly and malicious traffic in the Internet-of-Things (IoT) network is essential for the IoT security to keep an eye on and block unwanted traffic flows in the IoT network. For this purpose, numerous machine-learning (ML) technique models are presented by many researchers to block malicious traffic flows in the IoT network. However, due to the inappropriate feature selection, several ML models are prone to misclassifying mostly malicious traffic flows. Nevertheless, the significant problem still needs to be studied more in-depth, that is, how to select effective features for accurate malicious traffic detection in the IoT network. To address the problem, a new framework model is proposed. First, a novel feature selection metric approach named CorrAUC is proposed, and then based on CorrAUC, a new feature selection algorithm named CorrAUC is developed and designed, which is based on the wrapper technique to filter the features accurately and select effective features for the selected ML algorithm by using the area under the curve (AUC) metric. Then, we applied the integrated TOPSIS and Shannon entropy based on a bijective soft set to validate selected features for malicious traffic identification in the IoT network. We evaluate our proposed approach by using the Bot-IoT data set and four different ML algorithms. The experimental results analysis showed that our proposed method is efficient and can achieve >96% results on average.

244 citations


Additional excerpts

  • ...For example, in 2017, the IoT attacks such as Distributed Denial of Service (DDoS) become very spread and grow up to 172%, which gain much interest in the IoT network [2]....

    [...]

  • ...in the IoT, the most dangerous and challenging widespread hazardous threats are man-in-the-middle (MITM) dangerous threats with DDoS [7]–[9]....

    [...]

  • ...Their proposed ID system [11] used the virtual private network (VPN) for secure communication between the IoT devices, and the system was able to use challenge-response authentication for the protection of the VPN server and keep protect from hazardous DDoS attacks in IoT....

    [...]

Journal Article
TL;DR: An efficient and secure data acquisition scheme based on ciphertext policy attribute-based encryption that can fulfill the security requirements of the Cloud-IoT in smart grid and effectively reduce the time cost compared with other popular approaches.
Abstract: Cloud-supported Internet of Things (Cloud-IoT) has been broadly deployed in smart grid systems. The IoT front-ends are responsible for data acquisition and status supervision, while the substantial amount of data is stored and managed in the cloud server. Achieving data security and system efficiency in the data acquisition and transmission process are of great significance and challenging, because the power grid-related data is sensitive and in huge amount. In this paper, we present an efficient and secure data acquisition scheme based on ciphertext policy attribute-based encryption. Data acquired from the terminals will be partitioned into blocks and encrypted with its corresponding access subtree in sequence, thereby the data encryption and data transmission can be processed in parallel. Furthermore, we protect the information about the access tree with threshold secret sharing method, which can preserve the data privacy and integrity from users with the unauthorized sets of attributes. The formal analysis demonstrates that the proposed scheme can fulfill the security requirements of the Cloud-IoT in smart grid. The numerical analysis and experimental results indicate that our scheme can effectively reduce the time cost compared with other popular approaches.

214 citations


Cites background from "Defending DoS Attacks on Broadcast ..."

  • ...Actually, some works on Wireless Sensor Networks can be used for reference, such as [4-9]....

    [...]

Journal Article
Li Wenchao, Ping Yi, Yue Wu, Li Pan, Jianhua Li
TL;DR: This system can separate abnormal nodes from normal nodes by observing their abnormal behaviors, and it has achieved efficient, rapid intrusion detection by improving the wireless ad hoc on-demand distance vector routing protocol (Ad hoc On-Demand Distance Vector Routing, AODV).
Abstract: The Internet of Things has broad application in military field, commerce, environmental monitoring, and many other fields. However, the open nature of the information media and the poor deployment environment have brought great risks to the security of wireless sensor networks, seriously restricting the application of wireless sensor network. Internet of Things composed of wireless sensor network faces security threats mainly from DoS attack, replay attack, integrity attack, false routing information attack, and flooding attack. In this paper, we proposed a new intrusion detection system based on K-nearest neighbor (K-nearest neighbor, referred to as KNN below) classification algorithm in wireless sensor network. This system can separate abnormal nodes from normal nodes by observing their abnormal behaviors, and we analyse parameter selection and error rate of the intrusion detection system. The paper elaborates on the design and implementation of the detection system. This system has achieved efficient, rapid intrusion detection by improving the wireless ad hoc on-demand distance vector routing protocol (Ad hoc On-Demand Distance Vector Routing, AODV). Finally, the test results show that: the system has high detection accuracy and speed, in accordance with the requirement of wireless sensor network intrusion detection.

204 citations


Cites background from "Defending DoS Attacks on Broadcast ..."

  • ...presented an effective scheme to defend DoS attack on broadcast authentication in sensor networks [38]....

    [...]

References
Journal Article
TL;DR: The question of primitive points on an elliptic curve modulo p is discussed, and a theorem on nonsmoothness of the order of the cyclic subgroup generated by a global point is given.
Abstract: We discuss analogs based on elliptic curves over finite fields of public key cryptosystems which use the multiplicative group of a finite field. These elliptic curve cryptosystems may be more secure, because the analog of the discrete logarithm problem on elliptic curves is likely to be harder than the classical discrete logarithm problem, especially over GF(2^n). We discuss the question of primitive points on an elliptic curve modulo p, and give a theorem on nonsmoothness of the order of the cyclic subgroup generated by a global point.

5,378 citations


"Defending DoS Attacks on Broadcast ..." refers background in this paper

  • ...The implementation of 160-bit ECC on Atmel ATmega128, a CPU of 8 MHz and 8 bits, shows that an ECC point multiplication takes about 0.81 seconds [4]....

    [...]

  • ...However, the recent progress on Elliptic Curve Cryptography (ECC) [3] provides new opportunities to utilize public-key cryptography in sensor networks....

    [...]

Proceedings Article
14 Sep 2003
TL;DR: In this paper, the authors present APIT, a novel localization algorithm that is range-free, which performs best when an irregular radio pattern and random node placement are considered, and low communication overhead is desired.
Abstract: Wireless Sensor Networks have been proposed for a multitude of location-dependent applications. For such systems, the cost and limitations of the hardware on sensing nodes prevent the use of range-based localization schemes that depend on absolute point-to-point distance estimates. Because coarse accuracy is sufficient for most sensor network applications, solutions in range-free localization are being pursued as a cost-effective alternative to more expensive range-based approaches. In this paper, we present APIT, a novel localization algorithm that is range-free. We show that our APIT scheme performs best when an irregular radio pattern and random node placement are considered, and low communication overhead is desired. We compare our work via extensive simulation, with three state-of-the-art range-free localization schemes to identify the preferable system configurations of each. In addition, we study the effect of location error on routing and tracking performance. We show that routing performance and tracking accuracy are not significantly affected by localization error when the error is less than 0.4 times the communication radio radius.

2,461 citations

Proceedings Article
03 Nov 2004
TL;DR: The FTSP achieves its robustness by utilizing periodic flooding of synchronization messages, and implicit dynamic topology update and comprehensive error compensation including clock skew estimation, which is markedly better than that of the existing RBS and TPSN algorithms.
Abstract: Wireless sensor network applications, similarly to other distributed systems, often require a scalable time synchronization service enabling data consistency and coordination. This paper describes the Flooding Time Synchronization Protocol (FTSP), especially tailored for applications requiring stringent precision on resource limited wireless platforms. The proposed time synchronization protocol uses low communication bandwidth and it is robust against node and link failures. The FTSP achieves its robustness by utilizing periodic flooding of synchronization messages, and implicit dynamic topology update. The unique high precision performance is reached by utilizing MAC-layer time-stamping and comprehensive error compensation including clock skew estimation. The sources of delays and uncertainties in message transmission are analyzed in detail and techniques are presented to mitigate their effects. The FTSP was implemented on the Berkeley Mica2 platform and evaluated in a 60-node, multi-hop setup. The average per-hop synchronization error was in the one microsecond range, which is markedly better than that of the existing RBS and TPSN algorithms.

2,267 citations

Book
01 Jul 1999
TL;DR: In the past few years elliptic curve cryptography has moved from a fringe activity to a major challenger to the dominant RSA/DSA systems as mentioned in this paper, and it has become all pervasive.
Abstract: In the past few years elliptic curve cryptography has moved from a fringe activity to a major challenger to the dominant RSA/DSA systems. Elliptic curves offer major advances on older systems such as increased speed, less memory and smaller key sizes. As digital signatures become more and more important in the commercial world the use of elliptic curve-based signatures will become all pervasive. This book summarizes knowledge built up within Hewlett-Packard over a number of years, and explains the mathematics behind practical implementations of elliptic curve systems. Due to the advanced nature of the mathematics there is a high barrier to entry for individuals and companies to this technology. Hence this book will be invaluable not only to mathematicians wanting to see how pure mathematics can be applied but also to engineers and computer scientists wishing (or needing) to actually implement such systems.

1,697 citations

Journal Article
TL;DR: In this paper, an Atmel ATmega128 at 8 MHz was used to implement ECC point multiplication over fields using pseudo-Mersenne primes as standardized by NIST and SECG.
Abstract: Strong public-key cryptography is often considered to be too computationally expensive for small devices if not accelerated by cryptographic hardware. We revisited this statement and implemented elliptic curve point multiplication for 160-bit, 192-bit, and 224-bit NIST/SECG curves over GF(p) and RSA-1024 and RSA-2048 on two 8-bit microcontrollers. To accelerate multiple-precision multiplication, we propose a new algorithm to reduce the number of memory accesses. Implementation and analysis led to three observations: 1. Public-key cryptography is viable on small devices without hardware acceleration. On an Atmel ATmega128 at 8 MHz we measured 0.81 s for 160-bit ECC point multiplication and 0.43 s for an RSA-1024 operation with exponent e = 2^16 + 1. 2. The relative performance advantage of ECC point multiplication over RSA modular exponentiation increases with the decrease in processor word size and the increase in key size. 3. Elliptic curves over fields using pseudo-Mersenne primes as standardized by NIST and SECG allow for high performance implementations and show no performance disadvantage over optimal extension fields or prime fields selected specifically for a particular processor architecture.

1,113 citations