Secure message authentication system for node to node network

In a large-scale sensor network individual sensors are subject to security compromises. A compromised node can be used to inject bogus sensing reports. If undetected, these bogus reports would be forwarded to the data collection point (i.e., the sink). Such attacks by compromised nodes can result in not only false alarms but also the depletion of the finite amount of energy in a battery powered network. In this paper, we present a statistical en-route filtering (SEF) mechanism to detect and drop false reports during the forwarding process. Assuming that the same event can be detected by multiple sensors, in SEF each of the detecting sensors generates a keyed message authentication code (MAC) and multiple MACs are attached to the event report. As the report is forwarded, each node along the way verifies the correctness of the MAC's probabilistically and drops those with invalid MACs. SEF exploits the network scale to filter out false reports through collective decision-making by multiple detecting nodes and collective false detection by multiple forwarding nodes. We have evaluated SEF's feasibility and performance through analysis, simulation, and implementation. Our results show that SEF can be implemented efficiently in sensor nodes as small as Mica2. It can drop up to 70% of bogus reports injected by a compromised node within five hops, and reduce energy consumption by 65% or more in many cases.

Statistical en-route filtering of injected false data in sensor networks

While symmetric-key schemes are efficient in processing time for sensor networks, they generally require complicated key management, which may introduce large memory and communication overhead. On the contrary, public-key based schemes have simple and clean key management, but cost more computational time. The recent progress of elliptic curve cryptography (ECC) implementation on sensors motivates us to design a public-key scheme and compare its performance with the symmetric-key counterparts. This paper builds the user access control on commercial off-the-shelf sensor devices as a case study to show that the public-key scheme can be more advantageous in terms of the memory usage, message complexity, and security resilience. Meanwhile, our work also provides insights in integrating and designing public-key based security protocols for sensor networks.

/pdf/comparing-symmetric-key-and-public-key-based-security-y21aon26hg.pdf

Comparing Symmetric-key and Public-key Based Security Schemes in Sensor Networks: A Case Study of User Access Control

Numerous authentication schemes have been proposed in the past for protecting communication authenticity and integrity in wireless sensor networks. Most of them however have following limitations: high computation or communication overhead, no resilience to a large number of node compromises, delayed authentication, lack of scalability, etc. To address these issues, we propose in this paper a novel message authentication approach which adopts a perturbed polynomial-based technique to simultaneously accomplish the goals of lightweight, resilience to a large number of node compromises, immediate authentication, scalability, and non-repudiation. Extensive analysis and experiments have also been conducted to evaluate the scheme in terms of security properties and system overhead.

Secure message authentication system for node to node network

References

Statistical en-route filtering of injected false data in sensor networks

Comparing Symmetric-key and Public-key Based Security Schemes in Sensor Networks: A Case Study of User Access Control

Lightweight and Compromise-Resilient Message Authentication in Sensor Networks

Related Papers (5)

User node authentication method in mobile ad hoc network by using eap

Method for reconfiguring security mechanism of a wireless network and the mobile node and network node thereof

Systems and methods for end-to-end resource reservation authentication

Authentication method of fast reroute resource reservation, device and system thereof

Apparatus and method of processing authentication in wireless mesh network