26-06-2013, 12:33 PM
Secure Multi-hop Network Programming With Multiple One-way Key Chains
Secure Multi-hop Network.pdf (Size: 943.44 KB / Downloads: 27)
ABSTRACT
Current network programming protocols provide an e±cient
way to update the program image running on sensor nodes
without physical access to them. However, given the open
environment in which sensor nodes are deployed, securing
network programming is a challenging task. Existing work
addressing this issue either lack consideration of securing
multi-hop network programming protocols, or are not cost-
e±cient. To our knowledge, none of them have evaluated
the power consumption. In this paper, we propose a novel
scheme to secure multi-hop network programming protocols
using multiple one-way hash chains. This scheme is resilient
to malicious program image injection by the compromised
nodes and it secures multi-hop propagation of program im-
ages for sensor nodes.
INTRODUCTION
Network programming has become necessary for wireless
sensor networks (WSN) because image update may be sub-
sequently required for bug ¯xes or to provide new function-
alities after a WSN has been deployed [1].
The initial network programming protocols [2], [3], [4], [5]
concentrated on reliable program image dissemination and
minimal end-to-end update latency, but provided no security
mechanisms. The absence of authentication in broadcast of
a program image imposes a vulnerability to installation of
arbitrary program images in WSNs. An adversary can sim-
ply capture one sensor node in WSNs and inject a malicious
program image. Without a proper authentication mecha-
nism, an adversary can take control of the entire WSN with
minimal e®ort (i.e., one single sensor node compromise).
The goal of this paper is to design and implement a new
scheme to verify the authenticity and integrity of program
updates in network program protocols. Our work is moti-
vated by the following three challenges.
RELATED WORK& OUR
CONTRIBUTIONS
Review on network programming
Deluge [2], currently distributed as part of TinyOS, is one
of the most popular multi-hop network programming proto-
cols. In Deluge, the program update is divided into ¯xed-size
blocks called pages. Each page is further divided into ¯xed-
size packets, which are the basic transmission units. Deluge
employs a three-stage (advertise-request-updates) process to
propagate a program update among sensor nodes. Pages are
disseminated in a pipelined fashion, whereby the nodes are
allowed to forward the pages that they have completely re-
ceived without waiting for the receipt of the whole program
update. However, pages are strictly received sequentially,
i.e., a node could not forward a page without having re-
ceived all previous pages.
Our Contributions
The followings are key contributions in this paper:
Multi-hop support in secure network programming. We
consider not only securing program updates between
the base station and the sensor nodes, but also the
propagation of program updates among sensor nodes.
A simple but e®ective method to counter tunnel (worm-
hole) attack. Tunnel attack [18] [19] [20] is an easy-to-
implement attack in wireless network. We provide an
easy-to-implement method to counter this attack and
a numerical analysis of our method.
Power consumption evaluation. Power conservation is
imperative in WSNs. To our knowledge, we are the
¯rst to evaluate the power consumption of security
schemes of network programming protocols through
Power Tossim [21].
DESIGN AND IMPLEMENTATION
This section provides the design of our new secure network
programming scheme. As described in section 2.1, Deluge
has a hierarchical organization of program images (program
images ! pages ! packets). Our scheme works in the gran-
ularity of packets. It consists of two phases: initialization
and key pre-distribution, and packet pre-processing and ver-
i¯cation. Firstly, the notations used in this paper are pro-
vided in Table 1. Then these two phases of our scheme are
presented in section 4.1 and section 4.2, respectively.
CONCLUSION AND FUTURE WORK
In this work, we propose an authentication scheme to
secure multi-hop network programming with multiple one-
way hash chains. Instead of adopting expensive asymmetric
cryptographic primitives in existing works, we employ sym-
metric cryptographic primitives in our scheme with a cir-
cular geographic nodes deployment model. We further dis-
cussed the possible attacks an adversary can mount on our
scheme and provided simple and e®ective counter measures
against them.