Abstract: The two-tier architecture consisting of a small number of resource-abundant storage nodes in the upper tier and a large number of sensors in the lower tier could be promising for large-scale sensor networks in terms of resource efficiency, network capacity, network management complexity, etc. In this architecture, each sensor having multiple sensing capabilities periodically forwards the multidimensional sensed data to the storage node, which responds to the queries, such as range query, top-query, and skyline query. Unfortunately, node compromises pose the great challenge of securing the data collection; the sensed data could be leaked to or could be manipulated by the compromised nodes. Furthermore, chunks of the sensed data could be dropped maliciously, resulting in an incomplete query result, which is the most difficult security breach. Here, we propose a simple yet effective hash tree-based framework, under which data confidentiality, query result authenticity, and query result completeness can be guaranteed simultaneously. In addition, the subtree sampling technique, which could be of independent interest to the other applications, is proposed to efficiently identify the compromised nodes. Last, analytical and extensive simulation studies are conducted to evaluate the performance and security of our methods. Prototype implementation on TelosB mote demonstrates the practicality of our proposed methods.
Index Terms: Multidimensional query, secure query, sensor network.
Abstract: Sensor networks are vulnerable to false data injection attack and path-based denial of service (PDoS) attack. While conventional authentication schemes are insufficient for solving these security conflicts, an en-route filtering scheme, enabling each forwarding node to check the authenticity of the received message, acts as a defense against these two attacks. To construct an efficient en-route filtering scheme, this paper first presents a Constrained Function-based message Authentication (CFA) scheme, which can be thought of as a hash function directly supporting the en-route filtering functionality. Obviously, the crux of the scheme lies on the design of guaranteeing each sensor to have en-route filtering capability. Together with the redundancy property of sensor networks, which means that an event can be simultaneously observed by multiple sensor nodes, the devised CFA scheme is used to construct a CFA-based en-route filtering (CFAEF) scheme. In addition to the resilience against false data injection and PDoS attacks, CFAEF is inherently resilient against false endorsement-based DoS attack. In contrast to most of the existing methods, which rely on complicated security associations among sensor nodes, our design, which directly exploits an en-route filtering hash function, appears to be novel. We examine the CFA and CFAEF schemes from both the theoretical and numerical aspects to demonstrate their efficiency and effectiveness. Moreover, prototype implementation on TelosB mote demonstrates the practicality of our proposed method.
Abstract: Ensuring the security of communication and access control in Wireless Sensor Networks (WSNs) is of paramount importance. In this paper, we present a security mechanism, MoteSec-Aware, built on the network layer for WSNs with focus on secure network protocol and data access control. In the secure network protocol of MoteSec-Aware, a Virtual Counter Manager (VCM) with a synchronized incremental counter is presented to detect the replay and jamming attacks based on the symmetric key cryptography using AES in OCB mode. For access control, we investigate the Key-Lock Matching (KLM) method to prevent unauthorized access. We implement MoteSec-Aware for the TelosB prototype sensor platform running TinyOS 1.1.15, and conduct field experiments and TOSSIM-based simulations to evaluate the performance of MoteSec-Aware. The results demonstrate that MoteSec-Aware consumes much less energy, yet achieves higher security than several state-of-the-art methods.
Abstract: A large-scale wireless sensor network constructed in terms of two-tiered architecture, where cloud nodes take charge of storing sensed data and processing queries with respect to the sensing nodes and querists, incurs security breach. This is because the importance of cloud nodes makes them attractive to adversaries and raises concerns about data privacy and query result correctness. To address these problems, we propose an efficient approach, namely EQ (efficient query), which mainly prevents adversaries from gaining the information processed by or stored in cloud nodes, and detects the compromised cloud nodes when they misbehave. EQ can not only achieve the goals of data privacy and integrity preserving but also ensure the secure range query without incurring false positive. For data privacy preserving, EQ presents an order encryption mechanism by adopting stream cipher to encrypt/decrypt all sensed data such that a cloud node can only process issued queries over stored data in the encryption domain. For data integrity/completeness, we manipulate a data structure of XOR linked list (X2L), which allows a querist to verify the integrity of retrieved data via the so-called verification information, i.e., neighborhood difference in a storage-efficient manner. We demonstrate the feasibility and efficiency of EQ via experiments conducted on TelosB prototype sensor platform running TinyOS 1.1.15 and comparisons with state-of-the-arts.
Physical unclonable function (PUF), a hardware-efficient approach, has drawn a lot of attention in the security research community for exploiting the inevitable manufacturing variability of integrated circuits (IC) as the unique fingerprint of each IC. However, analog PUF is not robust and resistant to environmental conditions. In this paper, we propose a digital PUF-based secure authentication model using the emergent spin-transfer torque magnetic random-access memory (STT-MRAM) PUF (called STT-DPSA for short). STT-DPSA is an original secure identity authentication architecture for Internet of Things (IoT) devices to devise a computationally lightweight authentication architecture which is not susceptible to environmental conditions. Considering hardware security level or cell area, we alternatively build matrix multiplication or stochastic logic operation for our authentication model. To prove the feasibility of our model, the reliability of our PUF is validated via the working windows between temperature interval (−35 °C, 110 °C) and Vdd interval [0.95 V, 1.16 V] and STT-DPSA is implemented with parameters n = 32, i = o = 1024, k = 8, and l = 2 using FPGA design flow. Under this setting of parameters, an attacker needs to take time complexity O(2^256) to compromise STT-DPSA. We also evaluate STT-DPSA using Synopsys design compiler with TSMC 0.18 µm process.