Chia-Mu Yu

Mobile Sensor Network Resilient Against Node Replication Attacks

By launching the node replication attack, the adversary can place the replicas of captured sensor nodes back into the sensor networks in order to eavesdrop the transmitted messages or compromise the functionality of the network. Although defending against node replication attacks demands immediate attention, only a few solutions were proposed. Most of the existing distributed protocols adopt the witness finding strategy, which selects a set of sensor nodes somewhere as the witnesses, to detect the replicas. However, the energy consumption of the witness finding strategy is remarkably high and even gets worse in mobile networks. In addition, the location information is necessary for each node if the witness finding strategy is applied. In this paper, a novel protocol, called extremely Efficient Detection (XED), is proposed to resist against node replication attacks in mobile sensor networks. The advantages of XED include (1) only constant communication cost is required for replica detection; (2) the location information of sensor nodes is not required. Performance analyses and comparison with known methods are provided to demonstrate the effectiveness of our protocol.

Compressed Sensing Detector Design for Space Shift Keying in MIMO Systems

Space shift keying (SSK) modulation and its extension, the generalized SSK (GSSK), present an attractive framework for the emerging large-scale MIMO systems in reducing hardware costs. In SSK, the maximum likelihood (ML) detector incurs considerable computational complexities. We propose a compressed sensing based detector, NCS, by formulating the SSK-type detection criterion as a convex optimization problem. The proposed NCS requires only O(ntNrNt) complexity, outperforming the O(NrNtnt) complexity in the ML detector, at the cost of slight fidelity degradation. Simulations are conducted to substantiate the analytical derivation and the detection accuracy.

Efficient and Distributed Detection of Node Replication Attacks in Mobile Sensor Networks

In this paper, we study the challenging problem of node replication detection. Although defending against node replication attacks demands immediate attention, only a few solu- tions were proposed. In this paper, an Efficient and Distributed Detection (EDD) scheme and its variant, SEDD, are proposed to resist against node replication attacks in mobile sensor net- works. The characteristics possessed by EDD and SEDD include (1) Distributed Detection; (2) Efficiency and Effectiveness; (3) Individual Detection; (4) Network-Wide Revocation Avoidance. Performance comparison with known methods are provided to demonstrate the efficiency of the EDD and SEDD schemes.

Noninteractive Pairwise Key Establishment for Sensor Networks

As a security primitive, key establishment plays the most crucial role in the design of the security mechanisms. Unfortunately, the resource limitation of sensor nodes poses a great challenge for designing an efficient and effective key establishment scheme for wireless sensor networks (WSNs). In spite of the fact that many elegant and clever solutions have been proposed, no practical key establishment scheme has emerged. In this paper, a ConstrAined Random Perturbation-based pairwise keY establishment (CARPY) scheme and its variant, a CARPY+ scheme, for WSNs, are presented. Compared to all existing schemes which satisfy only some requirements in so-called sensor-key criteria, including (1) resilience to the adversarys intervention, (2) directed and guaranteed key establishment, (3) resilience to network configurations, (4) efficiency, and (5) resilience to dynamic node deployment, the proposed CARPY+ scheme meets all requirements. In particular, to the best of our knowledge, CARPY+ is the first noninteractive key establishment scheme with great resilience to a large number of node compromises designed for WSNs. We examine the CARPY and CARPY+ schemes from both the theoretical and experimental aspects. Our schemes have also been practically implemented on the TelosB compatible mote to evaluate the corresponding performance and overhead.

Top-

Storage nodes are expected to be placed as an intermediate tier of large scale sensor networks for caching the collected sensor readings and responding to queries with benefits of power and storage saving for ordinary sensors. Nevertheless, an important issue is that the compromised storage node may not only cause the privacy problem, but also return fake/incomplete query results. We propose a simple yet effective dummy reading-based anonymization framework, under which the query result integrity can be guaranteed by our proposed verifiable top- k query (VQ) schemes. Compared with existing works, the VQ schemes have a fundamentally different design philosophy and achieve the lower communication complexity at the cost of slight detection capability degradation. Analytical studies, numerical simulations, and prototype implementations are conducted to demonstrate the practicality of our proposed methods.

k

We deal with the challenging problem of node replication detection. Although defending against node replication attacks demands immediate attention, compared to the extensive exploration on the defense against node replication attacks in static networks, only a few solutions in mobile networks have been presented. Moreover, while most of the existing schemes in static networks rely on the witness-finding strategy, which cannot be applied to mobile networks, the velocity-exceeding strategy used in existing schemes in mobile networks incurs efficiency and security problems. Therefore, based on our devised challenge-and-response and encounter-number approaches, localized algorithms are proposed to resist node replication attacks in mobile sensor networks. The advantages of our proposed algorithms include 1) localized detection; 2) efficiency and effectiveness; 3) network-wide synchronization avoidance; and 4) network-wide revocation avoidance. Performance comparisons with known methods are provided to demonstrate the efficiency of our proposed algorithms. Prototype implementation on TelosB mote demonstrates the practicality of our proposed methods.

Query Result Completeness Verification in Tiered Sensor Networks

The two-tier architecture consisting of a small number of resource-abundant storage nodes in the upper tier and a large number of sensors in the lower tier could be promising for large-scale sensor networks in terms of resource efficiency, network capacity, network management complexity, etc. In this architecture, each sensor having multiple sensing capabilities periodically forwards the multidimensional sensed data to the storage node, which responds to the queries, such as range query, top-k query, and skyline query. Unfortunately, node compromises pose the great challenge of securing the data collection; the sensed data could be leaked to or could be manipulated by the compromised nodes. Furthermore, chunks of the sensed data could be dropped maliciously, resulting in an incomplete query result, which is the most difficult security breach. Here, we propose a simple yet effective hash tree-based framework, under which data confidentiality, query result authenticity, and query result completeness can be guaranteed simultaneously. In addition, the subtree sampling technique, which could be of independent interest to the other applications, is proposed to efficiently identify the compromised nodes. Last, analytical and extensive simulation studies are conducted to evaluate the performance and security of our methods. Prototype implementation on TelosB mote demonstrates the practicality of our proposed methods.

Localized Algorithms for Detection of Node Replication Attacks in Mobile Sensor Networks

Sensor networks are vulnerable to false data injection attack and path-based denial of service (PDoS) attack. While conventional authentication schemes are insufficient for solving these security conflicts, an en-route filtering scheme, enabling each forwarding node to check the authenticity of the received message, acts as a defense against these two attacks. To construct an efficient en-route filtering scheme, this paper first presents a Constrained Function-based message Authentication (CFA) scheme, which can be thought of as a hash function directly supporting the en-route filtering functionality. Obviously, the crux of the scheme lies on the design of guaranteeing each sensor to have en-route filtering capability. Together with the redundancy property of sensor networks, which means that an event can be simultaneously observed by multiple sensor nodes, the devised CFA scheme is used to construct a CFA-based en-route filtering (CFAEF) scheme. In addition to the resilience against false data injection and PDoS attacks, CFAEF is inherently resilient against false endorsement-based DoS attack. In contrast to most of the existing methods, which rely on complicated security associations among sensor nodes, our design, which directly exploits an en-route filtering hash function, appears to be novel. We examine the CFA and CFAEF schemes from both the theoretical and numerical aspects to demonstrate their efficiency and effectiveness. Moreover, prototype implementation on TelosB mote demonstrates the practicality of our proposed method.

Practical and Secure Multidimensional Query Framework in Tiered Sensor Networks

In this paper, a ConstrAined Random Perturbation based pairwise keY establishment (CARPY) scheme and its variant, a CARPY+ scheme, for Wireless Sensor Networks (WSNs), are presented. Compared to all existing schemes which satisfy only some requirements in so-called sensor-key criteria, including 1) resilience to the adversarys intervention, 2) directed and guaranteed key establishment, 3) resilience to network configurations, 4) efficiency, and 5) resilience to dynamic node deployment, the proposed CARPY+ scheme meets all requirements. In particular, to the best of our knowledge, CARPY+ is the first noninteractive key establishment scheme with great resilience to a large number of node compromises designed for WSNs. We examine the CARPY and CARPY+ schemes from both the theoretical and experimental aspects. Our schemes have also been practically implemented on the TelosB compatible mote to evaluate the corresponding performance and overhead.

Constrained Function-Based Message Authentication for Sensor Networks

An Unattended Wireless Sensor Network (UWSN) can be used in many applications to collect valuable data. Nevertheless, due to the unattended nature, the sensors could be compromised and the sensor readings would be maliciously altered so that the sink accepts the falsified sensor readings. Unfortunately, few attentions have been given to this authentication problem. Moreover, existing methods suffer from different kinds of DoS attacks such as Path-Based DoS (PDoS) and False Endorsement-based DoS (FEDoS) attacks. In this paper, a scheme, called AAD, is proposed to Acquire Authentic Data in UWSNs. We exploit the collaboration among sensors to address the authentication problem. With the proper design of the collaboration mechanism, AAD has superior resilience against sensor compromises, PDoS attack, and FEDoS attack. In addition, compared with prior works, AAD also has relatively low energy consumption. In particular, according to our simulation, in a network with 1,000 sensors, the energy consumed by AAD is lower than 30% of that consumed by the existing method, ExCo. The analysis and simulation are also conducted to demonstrate the superiority of the proposed AAD scheme over the existing methods.