Demonstrating a lightweight data provenance for sensor networks

Shebaro, Bilal; Sultana, Salmin; Gopavaram, Shakthidhar; Bertino, Elisa

doi:10.1145/2382196.2382312

Cited by 30 publications

(20 citation statements)

References 9 publications

(8 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…RPL is a standardized routing protocol for the IP-connected IoT. It creates a Destination-Oriented Directed Acyclic Graph (DODAG) and supports 2 modes of operation (1,2,5,6) in NT and also routing entries (5,6,8,9,10) in RT.…”

Section: Overview Of the Rpl Protocolmentioning

confidence: 99%

“…It has many ingredients (for instance, confidentiality, integrity, availability, privacy, and non-repudiation) as discussed in [8]. In wireless sensor networks (WSNs), the idea of incorporating provenance has been discussed in [9]- [15]. In comparison to WSNs, the idea of provenance in the IoT is yet to be explored keeping in view the challenging requirements and constraints associated with the novel architecture of the IoT.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Provenance-enabled packet path tracing in the RPL-based internet of things

et al. 2020

View full text Add to dashboard Cite

The interconnection of resource-constrained and globally accessible things with untrusted and unreliable Internet make them vulnerable to attacks including data forging, false data injection, and packet drop that affects applications with critical decisionmaking processes. For data trustworthiness, reliance on provenance is considered to be an effective mechanism that tracks both data acquisition and data transmission. However, provenance management for sensor networks introduces several challenges, such as low energy, bandwidth consumption, and efficient storage. This paper attempts to identify packet drop (either maliciously or due to network disruptions) and detect faulty or misbehaving nodes in the Routing Protocol for Low-Power and Lossy Networks (RPL) by following a bi-fold provenance-enabled packed path tracing (PPPT) approach. Firstly, a system-level ordered-provenance information encapsulates the data generating nodes and the forwarding nodes in the data packet. Secondly, to closely monitor the dropped packets, a node-level provenance in the form of the packet sequence number is enclosed as a routing entry in the routing table of each participating node. Lossless in nature, both approaches conserve the provenance size satisfying processing and storage requirements of IoT devices. Finally, we evaluate the efficacy of the proposed scheme with respect to provenance size, provenance generation time, and energy consumption.

show abstract

Section: Overview Of the Rpl Protocolmentioning

confidence: 99%

mentioning

confidence: 99%

Provenance-enabled packet path tracing in the RPL-based internet of things

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Identifying the links that data traverses in a wireless network is examined in [17], which proposes a provenance mechanism where intermediate nodes in a multi-hop sensor network use Bloom filters to imprint path information on transit packets such that the basestation can verify the path of each packet. This has the advantage that it can identify malicious nodes.…”

Section: Prior Workmentioning

confidence: 99%

Securing First-Hop Data Provenance for Bodyworn Devices Using Wireless Link Fingerprints

Ali

Sivaraman

Ostry

et al. 2014

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Abstract-Wireless bodyworn sensing devices are fast becoming popular for fitness, sports training and personalized healthcare applications. Securing data generated by these devices is essential if they are to be integrated into the current health infrastructure and employed in medical applications. In this paper, we propose a mechanism to secure data provenance for these devices by exploiting spatio-temporal characteristics of the wireless channel that these devices use for communication. Our solution enables two parties to generate closely matching 'link fingerprints' which uniquely associate a data session with a wireless link such that a third party can later verify the details of the transaction, particularly the wireless link on which the data was transmitted. These fingerprints are very hard for an eavesdropper to forge, they are lightweight compared to traditional provenance mechanisms, and enable interesting security properties such as accountability, non-repudiation, and resist man-in-the-middle attacks. We validate our technique with experiments using bodyworn sensors in scenarios approximating actual device deployment, and present some extensions which reduce energy consumption. We believe this is a promising first step towards using wireless-link characteristics for data provenance in body area networks.

show abstract

“…However, if the packet matches one of the offloaded rules, the NetFPGA will drop the packet (it will not be passed to Snort) and trigger Snort to increment the counter associated to that rule. Bloom filter is an efficient data structure which is widely deployed in networking and security applications [29][30]. Bloom filter represents a set of elements that can be used for pattern matching with a certain false positive probability.…”

Section: A Hardware Architecturementioning

confidence: 99%

Accelerating snort NIDS using NetFPGA-based Bloom filter

Al-Dalky

Salah

Otrok

et al. 2014

2014 International Wireless Communications and Mobile Computing Conference (IWCMC)

View full text Add to dashboard Cite

In recent years, network intrusion detection systems (NIDS) have faced a serious throughput challenge as a result of the rapid increase of network links to 1 and 10 Gbps rates. Consequently, this calls for NIDS to have wire-speed packet processing and real-time detection of malicious traffic. Snort is the most popular NIDS. Snort is an open source software-based NIDS and runs as a single threaded application. Snort processing and detection capabilities can be limited in networks with 1 and 10 Gbps network links. To overcome such a limitation, we present a design and implementation of two layer NIDS for accelerating Snort detection. The design combines hardware and software components whereby Snort operates as the second line of defense after hardware-assisted inspection of packet headers. In our design, Snort's frequently used rules are offloaded from Snort to a NetFPGA-based hardware layer. The NetFPGA implementation is based on Bloom filter to analyze and filter incoming packets with header fields matching those of frequently used rules. The second line of defense will dynamically offload the most frequently triggered rules to the NetFPGA and will only be executed if deep packet analysis is required for the incoming packet. The experimental results show a significant improvement in the CPU usage and an enormous reduction in packet loss when using Snort with NetFPGA filtering.

show abstract

Demonstrating a lightweight data provenance for sensor networks

Cited by 30 publications

References 9 publications

Provenance-enabled packet path tracing in the RPL-based internet of things

Provenance-enabled packet path tracing in the RPL-based internet of things

Securing First-Hop Data Provenance for Bodyworn Devices Using Wireless Link Fingerprints

Accelerating snort NIDS using NetFPGA-based Bloom filter

Contact Info

Product

Resources

About