Author: Donggang Liu, Peng Ning, Sencun Zhu, Sushil Jajodia

Description:
Broadcast authentication is a critical security service in sensor networks; it allows a sender to broadcast messages to multiple nodes in an authenticated way. μTESLA and multi-level μTESLA have been proposed to provide such services for sensor networks. However, none of these techniques are scalable in terms of the number of senders. Though multi-level μTESLA schemes can scale up to large sensor networks (in terms of receivers), they either use substantial bandwidth and storage at sensor nodes, or require significant resources at senders to deal with DOS attacks. This paper presents efficient techniques to support a potentially large number of broadcast senders using μTESLA instances as building blocks. The proposed techniques are immune to the DOS attacks. This paper also provides two approaches, a revocation tree-based scheme and a proactive distribution-based scheme, to revoke the broadcast authentication capability from compromised senders. The proposed techniques are implemented, and evaluated through simulation on TinyOS. The analysis and experiment show that these techniques are efficient and practical, and can achieve better performance than the previous approaches.

Author: Donggang Liu, Peng Ning, Wenliang Du

Description:
Sensors’ locations play a critical role in many sensor network applications. A number of techniques have been proposed recently to discover the locations of regular sensors based on a few special nodes called beacon nodes, which are assumed to know their locations (e.g., through GPS receivers or manual configuration). However, none of these techniques can work properly when there are malicious attacks, especially when some of the beacon nodes are compromised. This paper introduces a suite of techniques to detect and remove compromised beacon nodes that supply misleading location information to the regular sensors, aiming at providing secure location discovery services in wireless sensor networks. These techniques start with a simple but effective method to detect malicious beacon signals. To identify malicious beacon nodes and avoid false detection, this paper also presents several techniques to detect replayed beacon signals. This paper then proposes a method to reason about the suspiciousness of each beacon node at the base station based on the detection results collected from beacon nodes, and then revoke malicious beacon nodes accordingly. Finally, this paper provides detailed analysis and simulation to evaluate the proposed techniques. The results show that our techniques are practical and effective in detecting malicious beacon nodes.

Author: Qi Dong, Donggang Liu, Peng Ning

Description:
Recent studies have demonstrated that it is possible to perform public key cryptographic operations on the resource-constrained sensor platforms. However, the significant resource consumption imposed by public key cryptographic operations makes such mechanisms easy targets of Denial of Service (DoS) attacks. For example, if digital signatures such as ECDSA are used directly for broadcast authentication without further protection, an attacker can simply broadcast forged packets and force the receiving nodes to perform a large number of unnecessary signature verifications, eventually exhausting their battery power. This paper studies how to deal with such DoS attacks when signatures are used for broadcast authentication in sensor networks. In particular, this paper presents two filtering techniques, a group-based filter and a key chain-based filter, to handle DoS attacks against signature verification. Both methods can significantly reduce the number of unnecessary signature verifications that a sensor node has to perform. The analytical results also show t

Author: Donggang Liu, Peng Ning, Wenliang Du

Description:
Many key pre-distribution techniques have been developed recently to establish pairwise keys for wireless sensor networks. To further improve these schemes, researchers have proposed to take advantage of sensors’ expected locations to help pre-distributing keying materials. However, it is usually very difficult, and sometimes impossible, to guarantee the knowledge of sensors’ expected locations. In order to remove the dependency on expected locations, this paper proposes a practical deployment model, where sensor nodes are deployed in groups, and the nodes in the same group are close to each other after the deployment. Based on this model, the paper develops a novel group-based key pre-distribution framework, which can be combined with any of the existing key pre-distribution techniques. A distinguishing property of this framework is that it does not require the knowledge of sensors’ expected locations and greatly simplifies the deployment of sensor networks. The analysis also shows that the framework can substantially improve the security as well as the performance of existing key pre-distribution techniques.

Author: Donggang Liu, Peng Ning, An Liu, Cliff Wang, Wenliang Kevin Du

Description:
Many sensor network applications require sensors’ locations to function correctly. Despite the recent advances, location discovery for sensor networks in hostile environments has been mostly overlooked. Most of the existing localization protocols for sensor networks are vulnerable in hostile environments. The security of location discovery can certainly be enhanced by authentication. However, the possible node compromises and the fact that location determination uses certain physical features (e.g., received signal strength) of radio signals make authentication not as effective as in traditional security applications. This paper presents two methods to tolerate malicious attacks against range-based location discovery in sensor networks. The first method filters out malicious beacon signals on the basis of the “consistency” among multiple beacon signals, while the second method tolerates malicious beacon signals by adopting an iteratively refined voting scheme. Both methods can survive malicious attacks even if the attacks bypass authentication, provided that the benign beacon signals constitute the majority of the beacon signals. This paper also presents the implementation and experimental evaluation (through both field experiments and simulation) of all the secure and resilient location estimation schemes that can be used on the current generation of sensor platforms (e.g., MICA series of motes), including the techniques proposed in this paper, in a network of MICAz motes. The experimental results demonstrate the effectiveness of the proposed methods, and also give the secure and resilient location estimation scheme most suitable for the current generation of sensor networks.