Open Access  Subscription or Fee Access

In sensor networks, an intruder (i.e., compromised node) identified and isolated in one place can be relocated and/or duplicated to other places to continue attacks; hence, detection and isolation of the same intruder or its clones may have to be conducted repeatedly, wasting scarce network resources. Therefore, once an intruder is identified, it should be known to all innocent nodes such that the intruder or its clones can be recognized when appearing elsewhere. However, secure, efficient and scalable sharing of intruder information remains a challenging and unsolved problem. To address this problem, we propose a three-tier framework, consisting of a verifiable intruder reporting (VIR) scheme, a quorum based caching (QBC) scheme  for efficiently propagating intruder reports to the whole network, and a collaborative Bloom Filter (CBF) scheme for handling intruder information locally. Extensive analysis and evaluations are also conducted to verify the efficiency and scalability of the proposed framework.

Network Security, Routing Alogrithms intruder information caches, Dedicated membership servers, IP Spoofing

S. Marti, T. Giuli, K. Lai, and M. Baker, “Mitigating Routing Misbehavior in Mobile Ad Hoc Networks,” ACM MobiCom, pp. 255–265, August 2000.

D. Liu, P. Ning and W. Du, “Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks,” ICDCS, pp. 609–619, June 2005.

B. Parno, A. Perrig and V. Gligor, “Distributed detection of node replication attacks in sensor networks,” IEEE S&P, pp. 49–63, May 2005.

Y. Yang, X. Wang, S. Zhu, and G. Cao, “Distributed Software-based Attestation for Node Compromise Detection in Sensor Networks,” SRDS, pp. 219–230, October 2007.

I. Khalil, S. Bagchi, C. Nita-Rotaru, “Dicas: Detection, diagnosis and isolation of control attacks in sensor networks,” SecureComm, pp. 89– 100, 2005.

G. Wang, W. Zhang, G. Cao, and T. La Porta, “On Supporting Distributed Collaboration in Sensor networks,” MILCOM, pp. 752–757 Vol.2, October 2003.

A. Shamir, “How to share a secret,” Communications of the ACM, vol. 22, no. 11, 1979.

N. Koblitz, “Elliptic curve cryptosystems,” Mathematics of Computation, vol. 48, no. 177, pp. 203–209, 1987.

V. S. Miller, “Use of elliptic curves in cryptography,” CRYPTO, pp. 417–426, 1985.

R. Merkle, “A certified digital signature,” CRYPTO, pp. 218–238, 1989.

N. Gura, A. Patel, A. Wander, H. Eberle, and S. C. Shantz, “Comparing elliptic curve cryptography and RSA on 8-bit CPUs,” CHES, 2004.

D. Boneh and M. Franklin, “Identity-based encryption from the Weil pairing,” LNCS, vol. 2139, pp. 213–229, 2001.

W. Du, R. Wang, and P. Ning, “An efficient scheme for authenticating public keys in sensor networks,” MOBIHOC, pp. 58–67, 2005.

T. Elgamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” IEEE Transactions on Information Theory, vol. 31, no. 4, pp. 469–472, 1985.

ANSI, ANSI X9.62:2005: Public Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature Algorithm (ECDSA), American National Standards Institute.

H. Wang and Q. Li, “Efficient implementation of public key cryptosystems on mote sensors (short paper),” ICICS, pp. 519–528, Dec. 2006.

B. Bloom, “Space/Time Trade-offs in Hash Coding with Allowable Errors,” Communications of the ACM, p. 422, 1970.

S. Dharmapurikar, P. Krishnamurthy, and D. E. Taylor, “Longest prefix matching using bloom filters,” SIGCOMM, pp. 201–212, 2003.

D. Estrin, R. Govindan, J. S. Heidemann, and S. Kumar, “Next century challenges: Scalable coordination in sensor networks,” MOBICOM, pp. 263–270, 1999.

B. Karp and H. T. Kung, “Gpsr: greedy perimeter stateless routing for wireless networks,” MOBICOM, pp. 243–254, 2000.

A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. Tygar, “Spins: security protocols for sensor netowrks,” in Proceedings of ACM Mobile Computing and Networking (Mobicom’01), 2001, pp. 189–199.

S.-Y. Ni, Y.-C. Tseng, Y.-S. Chen, and J.-P. Sheu, “The broadcast storm problem in a mobile ad hoc network,” MOBICOM, pp. 151–162, 1999.