Secure routing based on distributed key sharing in large-scale sensor networks
ACM Transactions on Embedded Computing Systems (TECS)
| Hi-index | 0.00 |
Sensor networks, usually built with a large number of small, low-cost sensor devices, are characterized by their large-scale and unattended deployment that invites many critical attacks, thereby necessitating high-level security support for their intended applications and services. However, making sensor networks secure is challenging due mainly to the fact that sensors are battery-powered and it is often very difficult to change or recharge their batteries. To address this challenge, we design, develop and evaluate Lightweight S ecurity Protocols (LiSP) that cooperatively build a unified, energy-efficient security framework for sensor networks. We present two (group-based and distributed) key management/sharing schemes that are tailored to local and remote transactions, respectively. While the group-based scheme achieves efficient and robust re-keying via key broadcasting/authentication/recovery, distributed key sharing enables the development of attack-tolerant routing protocols capable of gracefully resisting device compromises as well as replacing resource-expensive, public-key-cipher-based protocols with a purely symmetric-cipher-based alternative. The problem of attack-tolerance is further investigated for the development of a secure localization protocol. The proposed protocol uses mutual collaboration among sensors to achieve high-level attack-tolerance in terms of detecting/identifying/rejecting sources of attacks, if present. Accordingly, it plays the role of an anomaly-based intrusion detection system tailored to localization that safeguards the network from localization-targeted attacks. As a countermeasure against physically tampering with sensors, we develop a novel soft tamper-proofing technique that verifies integrity of the program residing in each sensor device whenever it joins the network, or is suspected to have been compromised. Unlike other techniques unsuitable for low-cost, resource-limited sensors, our technique augments such sensors to be usable for applications that require high-level security. Finally, the benefits of our protocols are demonstrated via analysis and evaluation of their capability to defeat known security attacks, and their performance in terms of processing, communication and memory overheads.