Affiliation:
1. North Carolina State University
2. Syracuse University
Abstract
Broadcast authentication is a critical security service in wireless sensor networks. There are two general approaches for broadcast authentication in wireless sensor networks: digital signatures and μTESLA-based techniques. However, both signature-based and μTESLA-based broadcast authentication are vulnerable to Denial of Services (DoS) attacks: An attacker can inject bogus broadcast packets to force sensor nodes to perform expensive signature verifications (in case of signature-based broadcast authentication) or packet forwarding (in case of μTESLA-based broadcast authentication), thus exhausting their limited battery power. This paper presents an efficient mechanism called
message-specific puzzle
to mitigate such DoS attacks. In addition to signature-based or μTESLA-based broadcast authentication, this approach adds a weak authenticator in each broadcast packet, which can be efficiently verified by a regular sensor node, but takes a computationally powerful attacker a substantial amount of time to forge. Upon receiving a broadcast packet, each sensor node first verifies the weak authenticator, and performs the expensive signature verification (in signature-based broadcast authentication) or packet forwarding (in μTESLA-based broadcast authentication) only when the weak authenticator is valid. A weak authenticator cannot be precomputed without a non-reusable (or short-lived) key disclosed only in a valid packet. Even if an attacker has intensive computational resources to forge one or more weak authenticators, it is difficult to reuse these forged weak authenticators. Thus, this weak authentication mechanism substantially increases the difficulty of launching successful DoS attacks against signature-based or μTESLA-based broadcast authentication. A limitation of this approach is that it requires a powerful sender and introduces sender-side delay. This article also reports an implementation of the proposed techniques on TinyOS, as well as initial experimental evaluation in a network of MICAz motes.
Funder
National Science Foundation
Army Research Office
Division of Computer and Network Systems
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications
Reference47 articles.
1. Wireless sensor networks: a survey
2. Lecture Notes in Computer Science;Aura T.,2001
3. Back A. 2002. Hashcash---a denial of service counter-measure. http://www.cypherspace.org/hashcash/hashcash.pdf. Back A. 2002. Hashcash---a denial of service counter-measure. http://www.cypherspace.org/hashcash/hashcash.pdf.
4. Certicom Research. 2000. Standards for efficient cryptography---SEC 2: Recommended elliptic curve domain parameters. http://www.secg.org/collateral/sec2_final.pdf. Certicom Research. 2000. Standards for efficient cryptography---SEC 2: Recommended elliptic curve domain parameters. http://www.secg.org/collateral/sec2_final.pdf.
Cited by
83 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献