article

Interleaved hop-by-hop authentication against false data injection attacks in sensor networks

Authors:

Sencun Zhu,

Sanjeev Setia,

Sushil Jajodia,

Peng NingAuthors Info & Claims

ACM Transactions on Sensor Networks (TOSN), Volume 3, Issue 3

Pages 14 - es

https://doi.org/10.1145/1267060.1267062

Published: 01 August 2007 Publication History

Get Access

Abstract

Sensor networks are often deployed in unattended environments, thus leaving these networks vulnerable to false data injection attacks in which an adversary injects false data into the network with the goal of deceiving the base station or depleting the resources of the relaying nodes. Standard authentication mechanisms cannot prevent this attack if the adversary has compromised one or a small number of sensor nodes. We present three interleaved hop-by-hop authentication schemes that guarantee that the base station can detect injected false data immediately when no more than t nodes are compromised, where t is a system design parameter. Moreover, these schemes enable an intermediate forwarding node to detect and discard false data packets as early as possible. Our performance analysis shows that our scheme is efficient with respect to the security it provides, and it also allows a tradeoff between security and performance. A prototype implementation of our scheme indicates that our scheme is practical and can be deployed on the current generation of sensor nodes.

References

[1]

Anderson, R., Chan, H., and Perrig, A. 2004. Key infection: Smart trust for smart dust. In Proceedings of the IEEE International Conference on Network Protocols (ICNP'04).

Digital Library

Google Scholar

[2]

Bellare, M., Guerin, R., and Rogaway, P. 1995. Xor macs: New methods for message authentication using finite pseudorandom functions. In Proceedings of CRYPTo'95.

Digital Library

Google Scholar

[3]

Blom, R. 1985. An optimal class of symmetric key generation systems. In Advances in Cryptology, Proceedings of EUROCRYPT'84. Lecture Notes in Computer Science, vol. 209. Springer-Verlag, Berlin, Germany, 335--338.

Digital Library

Google Scholar

[4]

Blundo, C., Santis, A. D., Herzberg, A., Kutten, S., Vaccaro, U., and Yung, M. 1993. Perfectly-secure key distribution for dynamic conferences. In Advances in Cryptology, Proceedings of CRYPTO'92. Lecture Notes in Computer Science, vol. 740. Springer-Verlag, Berlin, Germany, 471--486.

Digital Library

Google Scholar

[5]

Chan, H. and Perrig, A. 2005. Pike: Peer intermediaries for key establishment in sensor networks. In Proceedings of Infocom'05.

Google Scholar

[6]

Chan, H., Perrig, A., and Song, D. 2003. Random key predistribution schemes for sensor networks. In Proceedings of the IEEE Security and Privacy Symposim'03.

Digital Library

Google Scholar

[7]

Deng, J., Han, R., and Mishra, S. 2003. Security support for in-network processing in wireless sensor networks. In Proceedings of the First ACM Workshop on the Security of Ad Hoc and Sensor Networks (SASN'03).

Digital Library

Google Scholar

[8]

Deng, J., Han, R., and Mishra, S. 2004. Intrusion tolerance strategies in wireless sensor networks. In Proceedings of the IEEE 2004 International Conference on Dependable Systems and Networks (DSN'04).

Digital Library

Google Scholar

[9]

Du, W., Deng, J., Han, Y., and Varshney, P. 2003. A pairwise key pre-distribution scheme for wireless sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS'03). 42--51.

Digital Library

Google Scholar

[10]

Eschenauer, L. and Gligor, V. 2002. A key-management scheme for distributed sensor networks. In Proceedings of ACM CCS'02.

Digital Library

Google Scholar

[11]

Goldreich, O., Goldwasser, S., and Micali, S. 1986. How to construct random functions. J. Assoc. Comput. Mach. 33, 4, 210--217.

Digital Library

Google Scholar

[12]

Hill, J., Szewczyk, R., Woo, A., Hollar, S., Culler, D. E., and Pister, K. S. J. 2000. System architecture directions for networked sensors. In Proceedings of the Conference on Architectural Support for Programming Languages and Operating Systems. 93--104.

Digital Library

Google Scholar

[13]

Hu, L. and Evans, D. 2003. Secure aggregation for wireless networks. In Proceedings of the Workshop on Security and Assurance in Ad Hoc Networks.

Digital Library

Google Scholar

[14]

Karlof, C. and Wagner, D. 2003. Secure routing in sensor networks: Attacks and countermeasures. In Proceedings of the First IEEE Workshop on Sensor Network Protocols and Applications.

Google Scholar

[15]

Karp, B. and Kung, H. 2000. GPSR: A geographic hash table for data-centric storage. In Proceedings of the ACM International Workshop on Wireless Sensor Networks and Applications.

Digital Library

Google Scholar

[16]

Lamport, L. 1981. Password authentication with insecure communication communication. Commun. ACM 24, 11, 770--772.

Digital Library

Google Scholar

[17]

Liu, D. and Ning, P. 2003a. Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. In Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS'03). 263--276.

Google Scholar

[18]

Liu, D. and Ning, P. 2003b. Establishing pairwise keys in distributed sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03). 52--61.

Digital Library

Google Scholar

[19]

Liu, D., Ning, P., and Li, R. 2005. Establishing pairwise keys in distributed sensor networks. ACM Trans. Inform. Syst. Sec. 8, 1 (Feb.), 1--77.

Digital Library

Google Scholar

[20]

Perrig, A., Szewczyk, R., Wen, V., Culler, D. E., and Tygar, J. D. 2001. Spins: Security protocols for sensor netowrks. In Proceedings of the ACM Conference on Mobile Computing and Networking (Mobicom'01). 189--199.

Digital Library

Google Scholar

[21]

Przydatek, B., Song, D., and Perrig, A. 2003. SIA: Secure information aggregation in sensor networks. In Proceedings of ACM SenSys 2003.

Digital Library

Google Scholar

[22]

Rivest, R. 1994. The rc5 encryption algorithm. In Proceedings of the 1st International Workshop on Fast Software Encryption. 86--96.

Google Scholar

[23]

Wood, A. and Stankovic, J. 2002. Denial of service in sensor networks. IEEE Comput. 35, 10 (Oct.), 54--62.

Digital Library

Google Scholar

[24]

Xbo. 2005. Crossbow Technology Inc., San Jose, CA.

Google Scholar

[25]

Ye, F., Luo, H., Lu, S., and Zhang, L. 2004. Statistical en-route detection and filtering of injected false data in sensor networks. In Proceedings of IEEE Infocom'04.

Google Scholar

[26]

Yi, Y., Wang, X., Zhu, S., and Cao, G. 2006. SDAP: A secure hop-by-hop data aggregation protocol for sensor networks. In Proceedings of ACM Mobihoc.

Digital Library

Google Scholar

[27]

Zhu, S., Setia, S., and Jajodia, S. 2003a. LEAP: Efficient security mechanisms for large-scale distributed sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03). 62--72.

Digital Library

Google Scholar

[28]

Zhu, S., Xu, S., Setia, S., and Jajodia, S. 2003b. Establishing pair-wise keys for secure communication in ad hoc networks: A probabilistic approach. In Proceedings of the 11th IEEE International Conference on Network Protocols (ICNP'03).

Digital Library

Google Scholar

Cited By

View all

Wang SKo RBai GDong NChoi TZhang Y(2024)Evasion Attack and Defense on Machine Learning Models in Cyber-Physical Systems: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2023.334480826:2(930-966)Online publication date: Oct-2025
https://doi.org/10.1109/COMST.2023.3344808
Rocco CMoronta JBarker K(2024)Topology change detection in networks due to false data injections: a priori assessment based on graph matching techniquesLife Cycle Reliability and Safety Engineering10.1007/s41872-024-00247-9Online publication date: 10-Apr-2024
https://doi.org/10.1007/s41872-024-00247-9
Kang YCho T(2023)False Report Injection And Remote Attack Detection Method using Security Trajectory in WSN-based Fire Detection IoTProceedings of the 2023 6th Artificial Intelligence and Cloud Computing Conference10.1145/3639592.3639616(173-178)Online publication date: 16-Dec-2023
https://dl.acm.org/doi/10.1145/3639592.3639616
Show More Cited By

Index Terms

Interleaved hop-by-hop authentication against false data injection attacks in sensor networks

Recommendations

Securing data aggregation against false data injection in wireless sensor networks
ICACT'10: Proceedings of the 12th international conference on Advanced communication technology

Data aggregation is an efficient technique for reducing communication cost in wireless sensor networks. However it is vulnerable to false data injection attacks where the adversary node sends false data to the aggregation node and thus, stops the base ...
Defending collaborative false data injection attacks in wireless sensor networks

False data filtering is an important issue in wireless sensor networks. In this paper, we consider a new type of false data injection attacks called collaborative false data injection, and propose two schemes to defend such attacks. In collaborative ...
A multi-path interleaved hop-by-hop en-route filtering scheme in wireless sensor networks

A compromised node can generate a fabricated report, which results in false alarms, information loss, and a waste of precious network energy. An interleaved hop-by-hop authentication (IHA) scheme has been proposed to minimize such serious damage by ...

Reviews

Reviewer: Alessandro Berni

Unattended sensor networks are exposed to a number of threats: the physical destruction of nodes; security attacks at the routing and data-link levels; resource consumption attacks; and insider attacks, where compromised nodes are used to inject false data into the network. The authors address the insider threat posed by false data injection attacks, and propose interleaved hop-by-hop authentication schemes to detect false data packets sent by compromised nodes. Such schemes, built on top of previous work [1,2,3], supplement standard authentication concepts by allowing the immediate detection of false data when no more than t nodes are compromised. In the proposed scheme, t+1 sensor nodes within a sensor cluster agree upon a report before it is sent, and then all nodes involved in relaying the message to the final destination authenticate the report in an interleaved hop-by-hop fashion. This provides an upper bound, B , for the number of hops that a false data packet can be forwarded before it is detected and dropped. This upper bound B can be made close to zero, and with a minimal computational overhead. At the price of a slightly higher storage overhead than in other options, this enables important energy savings by avoiding further retransmissions of false data reports. Security assumptions on the proposed approach are supported by demonstrations, while performance considerations have been analyzed in a network of TinyOS MICA2 motes, which are representative of the current generation of sensor nodes. This is an interesting solution, which can be applied only to simple sensing scenarios (for example, temperature and seismic data) where the agreement of t+1 nodes can be assessed with Boolean operations. More complex scenarios will impose increasingly demanding requirements, both in terms of the sensing package and in computing power—well beyond the capabilities of today’s small and inexpensive sensors. This work will drive the development of more sophisticated probability-based decision heuristics, and the adoption of more capable hardware platforms. For the time being, this is an interesting step in the right direction. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Transactions on Sensor Networks

ACM Transactions on Sensor Networks Volume 3, Issue 3

August 2007

161 pages

ISSN:1550-4859

EISSN:1550-4867

DOI:10.1145/1267060

Issue’s Table of Contents

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 01 August 2007

Published in TOSN Volume 3, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

57
Total Citations
View Citations
1,028
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)2

Reflects downloads up to 24 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Wang SKo RBai GDong NChoi TZhang Y(2024)Evasion Attack and Defense on Machine Learning Models in Cyber-Physical Systems: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2023.334480826:2(930-966)Online publication date: Oct-2025
https://doi.org/10.1109/COMST.2023.3344808
Rocco CMoronta JBarker K(2024)Topology change detection in networks due to false data injections: a priori assessment based on graph matching techniquesLife Cycle Reliability and Safety Engineering10.1007/s41872-024-00247-9Online publication date: 10-Apr-2024
https://doi.org/10.1007/s41872-024-00247-9
Kang YCho T(2023)False Report Injection And Remote Attack Detection Method using Security Trajectory in WSN-based Fire Detection IoTProceedings of the 2023 6th Artificial Intelligence and Cloud Computing Conference10.1145/3639592.3639616(173-178)Online publication date: 16-Dec-2023
https://dl.acm.org/doi/10.1145/3639592.3639616
Wolfson OGiri PJajodia STrajcevski G(2023)Geographic-Region Monitoring by Drones in Adversarial EnvironmentsACM Transactions on Spatial Algorithms and Systems10.1145/36110099:3(1-36)Online publication date: 13-Sep-2023
https://dl.acm.org/doi/10.1145/3611009
Almansoori MElshamy AMustafa A(2022)Secure Z-MAC Protocol as a Proposed Solution for Improving Security in WSNsInformation10.3390/info1303010513:3(105)Online publication date: 23-Feb-2022
https://doi.org/10.3390/info13030105
Lee CChen LChu HHsieh C(2022)Design and Implementation of a Leader-Follower Smart Office Lighting Control System Based on IoT TechnologyIEEE Access10.1109/ACCESS.2022.315849410(28066-28079)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3158494
Wang PZhang LPan JLi F(2022)A Practical Data Authentication Scheme for Unattended Wireless Sensor Networks Using Physically Unclonable FunctionsWireless Algorithms, Systems, and Applications10.1007/978-3-031-19208-1_48(579-590)Online publication date: 24-Nov-2022
https://dl.acm.org/doi/10.1007/978-3-031-19208-1_48
Miao KZhang WQiu X(2022)An adaptive unscented Kalman filter approach to secure state estimation for wireless sensor networksAsian Journal of Control10.1002/asjc.278325:1(629-636)Online publication date: 7-Feb-2022
https://doi.org/10.1002/asjc.2783
Chu HLee CChen LLee Y(2021)An Expandable Modular Internet of Things (IoT)-Based Temperature Control Power ExtenderElectronics10.3390/electronics1005056510:5(565)Online publication date: 27-Feb-2021
https://doi.org/10.3390/electronics10050565
Yousefpoor MYousefpoor EBarati HBarati AMovaghar AHosseinzadeh M(2021)Secure data aggregation methods and countermeasures against various attacks in wireless sensor networksJournal of Network and Computer Applications10.1016/j.jnca.2021.103118190:COnline publication date: 15-Sep-2021
https://dl.acm.org/doi/10.1016/j.jnca.2021.103118
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Securing data aggregation against false data injection in wireless sensor networks

Defending collaborative false data injection attacks in wireless sensor networks

A multi-path interleaved hop-by-hop en-route filtering scheme in wireless sensor networks

Reviews

Access critical reviews of Computing literature here