Sensor Network Defenses

Sensor networks are subject to a number of insidious attacks, including replication attacks, denial-of-message attacks, wormhole and Sybil attacks. Our work investigates innovative algorithms for preventing and/or detecting these attacks.

Replication Attacks

The low-cost, off-the-shelf hardware components in unshielded sensor-network nodes leave them vulnerable to compromise. With little effort, an adversary may capture nodes, analyze and replicate them, and surreptitiously insert these replicas at strategic locations within the network. Such attacks may have severe consequences; they may allow the adversary to corrupt network data or even disconnect significant parts of the network. We propose two new algorithms based on emergent properties, i.e., properties that arise only through the collective action of multiple nodes. Randomized Multicast distributes node location information to randomly-selected witnesses, exploiting the birthday paradox to detect replicated nodes, while Line-Selected Multicast uses the topology of the network to detect replication. Both algorithms provide globally-aware, distributed node-replica detection, and Line-Selected Multicast displays particularly strong performance characteristics. We show that emergent algorithms represent a promising new approach to sensor network security.
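An added illustration of the birthday-paradox argument behind Randomized Multicast (not code from the paper or the project). It assumes each location claim for a node ID is stored at w witnesses chosen uniformly at random from n nodes, and that a witness holding two different locations for one ID reports a replica; n, w and the function names are hypothetical.

```python
import math
import random

def analytic_detection(n, w):
    # Probability that two independent random w-subsets of n nodes overlap:
    # 1 - C(n-w, w) / C(n, w), roughly 1 - exp(-w*w/n) for w << n.
    if 2 * w > n:
        return 1.0          # pigeonhole: the two witness sets must intersect
    return 1.0 - math.comb(n - w, w) / math.comb(n, w)

def simulate_detection(n, w, replicas=2, trials=2000, seed=1):
    # Monte Carlo over constructed networks; locations are just replica indexes.
    rng = random.Random(seed)
    detected = 0
    for _ in range(trials):
        stored = {}         # witness -> location it already holds for this ID
        conflict = False
        for location in range(replicas):
            for witness in rng.sample(range(n), w):
                if stored.setdefault(witness, location) != location:
                    conflict = True   # same ID claimed at two locations
        detected += conflict
    return detected / trials

if __name__ == "__main__":
    n = 10_000
    for w in (50, 100, 200):
        print(w, round(analytic_detection(n, w), 3), simulate_detection(n, w))
```

Under these assumptions, storing each claim at about sqrt(n) witnesses already catches a pair of replicas in well over half of the trials, and doubling w pushes detection close to certainty.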

Denial-of-Message Attacks

So far, sensor network broadcast protocols assume a trustworthy environment. However, in safety- and mission-critical sensor networks this assumption may not be valid, and some sensor nodes might be adversarial. In these environments, malicious sensor nodes can prevent other nodes from receiving a broadcast message. We call this attack a Denial-of-Message Attack (DoM). In this paper, we model and analyze this attack, and present countermeasures.

We present SIS, a Secure Implicit Sampling scheme that permits a broadcasting base station to probabilistically detect the failure of nodes to receive its broadcast, even if these failures result from an attacker motivated to induce these failures undetectably. SIS works by eliciting authenticated acknowledgments from a subset of nodes per broadcast, where the subset is unpredictable to the attacker and tunable so as to mitigate acknowledgment implosion on the base station. We use a game-theoretic approach to evaluate this scheme in the face of an optimal attacker that attempts to maximize the number of nodes it denies the broadcast while remaining undetected by the base station, and show that SIS significantly constrains such an attacker even in sensor networks exhibiting high intrinsic loss rates. We also discuss extensions that permit more targeted detection capabilities.
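An added sketch of the sampling idea described above (not the SIS construction from the paper or the project's code). It assumes each node shares a secret key with the base station and that a keyed PRF over the broadcast decides whether that node must acknowledge; HMAC-SHA256, the key table and all function names are hypothetical choices.

```python
import hashlib
import hmac

def prf(key, label, msg):
    # Keyed PRF with a domain-separation label (HMAC-SHA256 is an assumption).
    return hmac.new(key, label + b"|" + msg, hashlib.sha256).digest()

def is_sampled(key, msg, rate):
    # Node and base station evaluate the same predicate; without the node's
    # key an attacker cannot tell whether this node must acknowledge msg.
    value = int.from_bytes(prf(key, b"sample", msg)[:8], "big")
    return value < int(rate * 2**64)   # rate tunes the expected ack volume

def make_ack(key, msg):
    return prf(key, b"ack", msg)

def run_round(keys, msg, rate, denied):
    # Constructed network: nodes in `denied` never see the broadcast.
    return {nid: make_ack(k, msg) for nid, k in keys.items()
            if nid not in denied and is_sampled(k, msg, rate)}

def audit_broadcast(keys, msg, rate, acks):
    # Base station: sampled nodes whose authenticated ack is absent or invalid.
    missing = []
    for nid, key in keys.items():
        if is_sampled(key, msg, rate):
            ack = acks.get(nid)
            if ack is None or not hmac.compare_digest(ack, make_ack(key, msg)):
                missing.append(nid)
    return sorted(missing)

# Constructed per-node keys, for illustration only.
KEYS = {i: hashlib.sha256(b"constructed-key-%d" % i).digest() for i in range(200)}

if __name__ == "__main__":
    msg = b"constructed broadcast #1"
    acks = run_round(KEYS, msg, 0.25, denied=set(range(100)))
    print("sampled nodes that did not acknowledge:",
          audit_broadcast(KEYS, msg, 0.25, acks))
```

Real deployments also see acknowledgments go missing through ordinary packet loss, so a practical audit compares the missing count against the expected loss rate rather than alarming on a single absent ack.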

Wormholes

MORE DESCRIPTION

Sybil Attacks

A particularly harmful attack against sensor and ad hoc networks is known as the Sybil attack, wherein a node illegitimately claims multiple identities. We show that the attack can be exceedingly detrimental to many important functions of these networks, such as routing, resource allocation, and misbehavior detection. Our work establishes a classification of the different types of Sybil attack, and designs and analyzes countermeasures against each type.

SCUBA: Secure Code Updates by Attestation in Sensor Networks

SCUBA (Secure Code Updates by Attestation in Sensor Networks) is a protocol for detecting and recovering compromised nodes in sensor networks. The SCUBA protocol enables the design of a sensor network that can detect compromised nodes without false negatives, and either repair them through code updates, or revoke the compromised nodes. SCUBA represents a promising approach for designing secure sensor networks by proposing a first approach for automatic recovery of compromised sensor nodes. It is based on ICE (Indisputable Code Execution), a primitive we introduce to dynamically establish a trusted code base on a remote, untrusted sensor node.

Papers

Parno, Bryan, Adrian Perrig, and Virgil Gligor.
"Distributed Detection of Node Replication Attacks in Sensor Networks."
In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May, 2005. [ PDF ]

McCune, Jonathan M., Elaine Shi, Adrian Perrig, Michael K. Reiter.
"Detection of Denial-of-Message Attacks on Sensor Network Broadcasts."
In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May, 2005. [ PDF ]

Hu, Yih-Chun, Adrian Perrig, and Dave Johnson.
"Wormhole Attacks in Wireless Networks."
In IEEE Journal on Selected Areas in Communications (JSAC). [ PDF ]

Newsome, James, Elaine Shi, Dawn Song, and Adrian Perrig.
"The Sybil Attack in Sensor Networks: Analysis and Defenses."
In the Third International Symposium on Information Processing in Sensor Networks (IPSN), April, 2004. [ PDF ]

Seshadri, Arvind, Mark Luk, Adrian Perrig, Leendert van Doorn, and Pradeep Khosla.
"SCUBA: Secure Code Update By Attestation in Sensor Networks."
In ACM Workshop on Wireless Security (WiSe), September 2006. [ PDF ]

Presentations

Replication Attacks, Oakland 2005 [ PPT ]

SCUBA, WiSe 2006 (September 29, 2006). [ PPT ]