Image Processing Reference
In-Depth Information
the number of neighbors a node is allowed to have, e.g., through enforcement during key distribution,
authentic sensor nodes could be protected from accepting too many neighborhood relations. Addi-
tionally, by keeping track of authentic identities and associated keys, the ability of potentially
compromised nodes to simulate multiple identities could be restricted. However, the latter idea
requires some kind of global knowledge that often can only be realized efficiently by a centralized
scheme, which actively involves a base station in the key distribution protocol.
When it comes to hello shouting and wormhole/sinkhole attacks, however, pure link layer secu-
rity measures cannot provide sufficient protection, as they cannot protect completely against replay
attacks. Links should, therefore, be checked in both directions before making routing decisions to
defend against simple hello shouting attacks. Detection of wormholes actually proves to be difficult
and first approaches to this problem require rather tight clock synchronization [HPJ]. Sinkholes
might be avoided by deploying routing schemes like geographical routing that do not rely on con-
structing forwarding tables according to distance measured in hops to destination (provided that
geographic location coordinates are properly known to sensor nodes). Selective forwarding attacks
might be countered with multipath routing. However, this requires redundancy in the network and
results in higher network overhead.
In [PLGP], Parno et al. propose an approach for secure routing in sensor networks that is based
on a “recursive grouping algorithm” for address assignment and setup of routing tables. To achieve
its security objectives, the approach relies on identity certificates for each sensor node, signed with
the private key of a network authority (the corresponding public key is assumed to be known to all
sensor nodes), and a hash tree based verification procedure during the recursive grouping phase that
assigns the node addresses and builds up the routing tables. Furthermore, when a node detects mali-
cious behavior of another node, it can eliminate the malicious node and itself by sending a signed
node revocation message. Please note that in this case the revoking node needs to sacrifice itself
and will also be excluded to defend against compromised nodes that revoke multiple sensor nodes.
The approach assumes sensor nodes to be able to perform asymmetric cryptographic operations for
checking identification certificates, as well as for generating and checking signatures for node revo-
cation messages. he authors propose to make use of asymmetric cryptographic techniques that put
most effort on the signer and allow for cheap signature verification, e.g., Rabin signatures [MOV].
Only if a node revokes another malicious node, it needs to compute a signature itself, requiring sig-
nificant computational resources and energy. As in such a case, the revoking sensor node itself will
also be excluded from the network, the energy drain caused by the signature generation can be tol-
erated according to the authors of Ref. [PLGP]. For this idea to work, however, a revoking node
needs to be sure, that it is revoking a genuine node of the sensor network with a valid identity and
certificate. Otherwise an external attacker aiming to cause DoS could easily provoke as many genuine
sensor nodes as he likes to sacrifice themselves with a revoke operation.
10.3 Energy Efficient Confidentiality and Integrity
The preceding discussion of potential countermeasures against DoS attacks and general attacks on
routing in wireless sensor networks has shown that the security services confidentiality and integrity
prove to be valuable mechanisms against various attacks. Obviously, they are also effective mea-
sures to protect application data (e.g., commands and sensor readings) against unauthorized eaves-
dropping and manipulation, respectively. In this section, we will therefore examine their efficient
implementation in resource-restricted sensor networks.
In their paper
SPINS: Security Protocols for Sensor Networks
[PST
+
], Perrig et al. discuss the
requirements and propose a set of protocols for realizing efficient security services for sensor
networks.hemainchallengesinthedesignofsuchprotocolsariseoutoftightimplementationcon-
straints in terms of instruction set, memory, CPU speed, a very small energy budget in low-powered
