Secure code distribution in dynamically programmable wireless sensor networks

Abstract: Remote reprogramming of in situ wireless sensor networks (WSNs) via the wireless link is an important capability. Securing the process of reprogramming allows each sensor node to authenticate each received code image. Due to the resource constraints of WSNs, public key schemes must be used sparingly. This paper introduces a mechanism for secure and efficient code distribution that employs public key cryptography only to sign the root of a combined structure consisting of both hash chains and hash trees. The ch… Show more

“…Several recent works have attempted to provide secure code dissemination for wireless sensor networks [8,10,17]. All these approaches are extensions to Deluge [13].…”

“…Deng et al proposed a scheme to improve the DoSresilience of secure code dissemination by using Merkle hash tree [8]. Besides having the hash image of each page in the previous one, it also uses a Merkle hash tree to allow each packet to be immediately authenticated upon receipt.…”

“…Besides having the hash image of each page in the previous one, it also uses a Merkle hash tree to allow each packet to be immediately authenticated upon receipt. However, this approach adds additional overhead due to the transmission of a Merkle hash tree for every page [8]. Moreover, it distributes each hash tree in a level-by-level fashion; only after every packet in one level is received and verified can the packets in the next level be requested.…”

“…Though all existing approaches [8,10,17] are based on Deluge [13], none of them provide a satisfactory solution to the authentication of advertisement and Selective Negative Acknowledgment (SNACK) packets. (In Deluge, such packets are used to advertise new data and facilitate the request and retransmission of packets.)…”

“…Moreover, the adversary may request packets from a non-existing node; due to the Deluge suppression mechanism, others that overhear this request will not send request for packets (to real nodes). The authors of [8] discussed the authentication of SNACK packets, but overlooked the issue of advertisement packets.…”

Seluge: Secure and DoS-Resistant Code Dissemination in Wireless Sensor Networks

“…Several recent works have attempted to provide secure code dissemination for wireless sensor networks [8,10,17]. All these approaches are extensions to Deluge [13].…”

“…Deng et al proposed a scheme to improve the DoSresilience of secure code dissemination by using Merkle hash tree [8]. Besides having the hash image of each page in the previous one, it also uses a Merkle hash tree to allow each packet to be immediately authenticated upon receipt.…”

“…Besides having the hash image of each page in the previous one, it also uses a Merkle hash tree to allow each packet to be immediately authenticated upon receipt. However, this approach adds additional overhead due to the transmission of a Merkle hash tree for every page [8]. Moreover, it distributes each hash tree in a level-by-level fashion; only after every packet in one level is received and verified can the packets in the next level be requested.…”

“…Though all existing approaches [8,10,17] are based on Deluge [13], none of them provide a satisfactory solution to the authentication of advertisement and Selective Negative Acknowledgment (SNACK) packets. (In Deluge, such packets are used to advertise new data and facilitate the request and retransmission of packets.)…”

“…Moreover, the adversary may request packets from a non-existing node; due to the Deluge suppression mechanism, others that overhear this request will not send request for packets (to real nodes). The authors of [8] discussed the authentication of SNACK packets, but overlooked the issue of advertisement packets.…”

Seluge: Secure and DoS-Resistant Code Dissemination in Wireless Sensor Networks

SecNRCC: a loss‐tolerant secure network reprogramming with confidentiality consideration for wireless sensor networks

Distributed Class Code and Data Propagation with Java