14-05-2013, 12:49 PM
Data Reporting in Wireless Sensor Networks Using Dynamic Filtering Scheme
Abstract
In wireless sensor networks, adversaries can inject
false data reports via compromised nodes and launch DoS attacks
against legitimate reports. Recently, a number of filtering schemes
against false reports have been proposed. However, they either lack
strong filtering capacity or cannot support highly dynamic sensor
networks very well. Moreover, few of them can deal with DoS
attacks simultaneously. In this paper, we propose a dynamic en-route
filtering scheme that addresses both false report injection and DoS
attacks in wireless sensor networks. In our scheme, each node has a
hash chain of authentication keys used to endorse reports; meanwhile,
a legitimate report should be authenticated by a certain number of
nodes. First, each node disseminates its key to forwarding nodes.
Then, after sending reports, the sending nodes disclose their keys,
allowing the forwarding nodes to verify their reports. We design the
Hill Climbing key dissemination approach that ensures the nodes
closer to data sources have stronger filtering capacity. Moreover, we
exploit the broadcast property of wireless communication to defeat
DoS attacks and adopt multipath routing to deal with the topology
changes of sensor networks. Simulation results show that compared
to existing solutions, our scheme can drop false reports earlier with a
lower memory requirement, especially in highly dynamic sensor
networks.
INTRODUCTION
In this paper, we propose a dynamic en-route filtering
scheme to address both false report injection attacks and
DoS attacks in wireless sensor networks. In our scheme,
sensor nodes are organized into clusters. Each legitimate
report should be validated by multiple message authentication
codes (MACs), which are produced by sensing nodes using
their own authentication keys. The authentication keys of each
node are created from a hash chain. Before sending reports,
nodes disseminate their keys to forwarding nodes using the Hill
Climbing approach. Then, they send reports in rounds. In each
round, every sensing node endorses its reports using a new key
and then discloses the key to forwarding nodes. Using the
disseminated and disclosed keys.
Our scheme has two advantages:
• We design the Hill Climbing approach for key
dissemination, which ensures that the nodes closer to clusters
hold more authentication keys than those closer to the base
station do. This approach not only balances memory
requirement among nodes, but also makes false reports
dropped as early as possible.
• Multipath routing is adopted when disseminating keys to
forwarding nodes, which not only reduces the cost for
updating keys in highly dynamic sensor networks, but also
mitigates the impact of selective forwarding attacks.
Simulation results show that, compared to existing ones, our
scheme can drop false reports earlier with a lower memory
requirement, especially in the networks whose topologies
change frequently.
SYSTEM ARCHITECTURE
System Model
We model the communication region of wireless sensor
nodes as a circle area of radius, which is called the
transmission range. We only consider the bidirectional links
between neighbour nodes and assume that sensor nodes
simply discard or ignore those links that are not bidirectional.
Based on these assumptions, we say that two nodes must be
the neighbour of each other and can always communicate with
each other if the distance between them is no more than .
Wireless sensor nodes may be deployed into some target field
to detect the events occurring within the field.
Threat Model
Typically, sensor nodes are not tamper-resistant and can be
compromised by adversaries. We assume that each cluster
contains at most compromised nodes, which may collaborate
with each other to generate false reports by sharing their secret
key information.
In this paper, we consider the following attacks launched by
adversaries from the compromised nodes:
• False report injection attacks: The compromised nodes can
send the false reports containing some forged or nonexistent
events “occurring” in their clusters. Moreover, given sufficient
secret information, they may even impersonate some
uncompromised nodes of other clusters and report the forged
events “occurring” within those clusters. These false reports
not only cause false alarms at the base station, but also drain
out the limited energy of forwarding nodes.
OUR SCHEME
When an event occurs within some cluster, the cluster-head
collects the sensing reports from sensing nodes and aggregates
them into the aggregated reports. Then, it forwards the
aggregated reports to the base station through forwarding
nodes. In our scheme, each sensing report contains one MAC
that is produced by a sensing node using its authentication key
(called auth-key for short), while each aggregated report
contains distinct MACs, where is the maximum number of
compromised nodes allowed in each cluster. In our scheme,
each node possesses a sequence of auth-keys that form a hash
chain. Before sending the reports.
CONCLUSION
In this paper, we propose a dynamic en-route quarantine
scheme for filtering false data injection attacks and DoS
attacks in wireless sensor networks. In our scheme, each node
uses its own auth-keys to authenticate its reports and a
legitimate report should be endorsed by nodes. The auth-keys
of each node form a hash chain and are updated in each round.
The cluster-head disseminates the first auth-key of every node
to forwarding nodes and then sends the reports followed by
disclosed auth-keys. The forwarding nodes verify the
authenticity of the disclosed keys by hashing the disseminated
keys and then check the integrity and validity of the reports
using the disclosed keys. According to the verification results,
they inform the next-hop nodes to either drop or keep on
forwarding the reports. This process is repeated by each
forwarding node at every hop.
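
The per-hop check described above, as an added example that is not code from the paper or the original post. It assumes the usual one-way-chain convention (keys are consumed in reverse order of generation, the disseminated key serves as the chain anchor, and a disclosed key is authentic if it hashes to the key the forwarder already holds), SHA-256/HMAC as primitives, and a forwarder that, as under Hill Climbing, holds keys for only some sensing nodes; all names, including the `required` threshold, are hypothetical.

```python
import hashlib
import hmac

H = lambda b: hashlib.sha256(b).digest()   # hash choice is an assumption

def make_chain(seed, length):
    """Auth-keys in order of use: chain[i] == H(chain[i + 1])."""
    keys = [seed]
    for _ in range(length - 1):
        keys.append(H(keys[-1]))
    return keys[::-1]

def endorse(key, report):
    return hmac.new(key, report, hashlib.sha256).digest()

class Forwarder:
    """Keeps the latest authenticated auth-key of each node it holds keys for."""

    def __init__(self, disseminated):
        self.known = dict(disseminated)

    def check(self, report, macs, disclosed, required):
        """Run after key disclosure; returns 'forward' or 'drop'."""
        if len(macs) < required:              # too few distinct endorsements
            return "drop"
        for node, mac in macs.items():
            if node not in self.known:        # no key held for this node: skip
                continue
            key = disclosed.get(node)
            # Authentic only if the disclosed key hashes to the key already held.
            if key is None or H(key) != self.known[node]:
                return "drop"
            if not hmac.compare_digest(endorse(key, report), mac):
                return "drop"
            self.known[node] = key            # next round is checked against this
        return "forward"

def demo():
    # Constructed data: 3 sensing nodes, forwarder holds anchors for 2 of them.
    chains = {n: make_chain(n.encode() * 16, 4) for n in ("s1", "s2", "s3")}
    anchors = {n: chains[n][0] for n in ("s1", "s2")}
    report = b"cluster=7;event=heat;round=1"
    keys = {n: c[1] for n, c in chains.items()}
    macs = {n: endorse(k, report) for n, k in keys.items()}
    forged = dict(macs, s2=endorse(b"attacker-key", report))
    return (Forwarder(anchors).check(report, macs, keys, 3),
            Forwarder(anchors).check(report, forged, keys, 3),
            Forwarder(anchors).check(report, macs, dict(keys, s1=b"bogus"), 3))
```

Because the forwarder advances its stored key after each successful round, a key disclosed in an earlier round no longer verifies in a later one.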