The Improved Broadcast Authentication Schemes in Wireless Sensor Networks

Yang, Li-Wei

15 July 2008

In the environment of wireless sensor network, while one node want to send a message to another node, the most natural way is used broadcasting to distribute the message to the whole network. In the other words, as long as one node sends messages to the other node, its neighbor nodes can also listen to these messages, and then receive them. The advantage of broadcast networks is that can efficiently distribute data to multiple receivers. However, it has some drawbacks. A sensor network may be deployed in hostile environment where there are malicious attacks. The malicious attacker can send false messages to his neighbor nodes, and then rely on these neighbor nodes to distribute over the network. So if there are not any schemes of the security authentication in the message when a node wants to use broadcast, everyone can impersonate the sender and broadcast false messages. We call this a packet injection attack. So security is a main challenge in broadcast network. In order to authenticate a broadcast message¡Ait would conform to two conditions. First, insure that the data is transmitted from the claimed source. Second, the messages are not be modified en route. TESLA has been proposed to provide such services for sensor networks¡Ait mainly use time synchronization and delay disclosure key to protect encryption key¡CHowever, this scheme still has some drawbacks, so we propose some schemes to modify TESLA in this paper, and we will show these schemes can achieve better performance than previous ones.

Broadcast Authentication Scheme

Security

Wireless Sensor Network

Secure network programming in wireless sensor networks

Tan, Hailun, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2010

Network programming is one of the most important applications in Wireless Sensor Networks as It provides an efficient way to update program Images running on sensor nodes without physical access to them. Securing these updates, however, remains a challenging and important issue, given the open deployment environment of sensor nodes. Though several security schemes have been proposed to impose the authenticity and Integrity protection on network programming applications, they are either energy Inefficient as they tend to use digital signature or lacks the data confidentiality. In addition, due to the absence of secure memory management in the current sensor hardware, the attacker could inject malicious code into the program flash by exploiting buffer overflow In the memory despite the secure code dissemination. The contribution of this thesis Is to provide two software-based security protocols and one hardware-based remote attestation protocol for network programming application. Our first protocol deploys multiple one-way key chains for a multi-hop sensor network. The scheme Is shown to be lower In computational, power consumption and communication costs yet still able to secure multi??hop propagation of program images. Our second protocol utilizes an Iterative hash structure to the data packets in network programming application, ensuring the data confidentiality and authenticity. In addition, we Integrated confidentiality and DoS-attack-resistance in a multi??hop code dissemination protocol. Our final solution is a hardware-based remote attestation protocol for verification of running codes on sensor nodes. An additional piece of tamper-proof hardware, Trusted Platform Module (TPM), is imposed into the sensor nodes. It secures the sensitive information (e.g., the session key) from attackers and monitors any platform environment changes with the Internal registers. With these features of TPM, the code Injection attack could be detected and removed when the contaminated nodes are challenged in our remote attestation protocol. We implement the first two software-based protocols with Deluge as the reference network programming protocol in TinyOS, evaluate them with the extensive simulation using TOSSIM and validate the simulation results with experiments using Tmote. We implement the remote attestation protocol on Fleck, a sensor platform developed by CSIRO that Integrates an Atmel TPM chip.

Network Programming

Broadcast Authentication

Wireless Sensor Network

Code Dissemination

Trusted Platform Module

Sensor Worm Attack

Wormhole Attack

Remote Attestation

Secure Network Protocol

Secure network programming in wireless sensor networks

Tan, Hailun, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2010

Network programming is one of the most important applications in Wireless Sensor Networks as It provides an efficient way to update program Images running on sensor nodes without physical access to them. Securing these updates, however, remains a challenging and important issue, given the open deployment environment of sensor nodes. Though several security schemes have been proposed to impose the authenticity and Integrity protection on network programming applications, they are either energy Inefficient as they tend to use digital signature or lacks the data confidentiality. In addition, due to the absence of secure memory management in the current sensor hardware, the attacker could inject malicious code into the program flash by exploiting buffer overflow In the memory despite the secure code dissemination. The contribution of this thesis Is to provide two software-based security protocols and one hardware-based remote attestation protocol for network programming application. Our first protocol deploys multiple one-way key chains for a multi-hop sensor network. The scheme Is shown to be lower In computational, power consumption and communication costs yet still able to secure multi??hop propagation of program images. Our second protocol utilizes an Iterative hash structure to the data packets in network programming application, ensuring the data confidentiality and authenticity. In addition, we Integrated confidentiality and DoS-attack-resistance in a multi??hop code dissemination protocol. Our final solution is a hardware-based remote attestation protocol for verification of running codes on sensor nodes. An additional piece of tamper-proof hardware, Trusted Platform Module (TPM), is imposed into the sensor nodes. It secures the sensitive information (e.g., the session key) from attackers and monitors any platform environment changes with the Internal registers. With these features of TPM, the code Injection attack could be detected and removed when the contaminated nodes are challenged in our remote attestation protocol. We implement the first two software-based protocols with Deluge as the reference network programming protocol in TinyOS, evaluate them with the extensive simulation using TOSSIM and validate the simulation results with experiments using Tmote. We implement the remote attestation protocol on Fleck, a sensor platform developed by CSIRO that Integrates an Atmel TPM chip.

Network Programming

Broadcast Authentication

Wireless Sensor Network

Code Dissemination

Trusted Platform Module

Sensor Worm Attack

Wormhole Attack

Remote Attestation

Secure Network Protocol