research-article

Least privilege and privilege deprivation: Toward tolerating mobile sink compromises in wireless sensor networks

Authors:

Wensheng Zhang,

Guohong CaoAuthors Info & Claims

ACM Transactions on Sensor Networks (TOSN), Volume 4, Issue 4

Article No.: 23, Pages 1 - 34

https://doi.org/10.1145/1387663.1387669

Published: 04 September 2008 Publication History

Abstract

Mobile sinks are needed in many sensor network applications for efficient data collection, data querying, localized sensor reprogramming, identifying, and revoking compromised sensors, and other network maintenance. Employing mobile sinks however raises a new security challenge: if a mobile sink is given too many privileges, it will become very attractive for attack and compromise. Using a compromised mobile sink, an adversary may easily bring down or even take over the sensor network. Thus, security mechanisms that can tolerate mobile sink compromises are essential. In this article, based on the principle of least privilege, we first propose an efficient scheme to restrict the privilege of a mobile sink without impeding its ability to carry out any authorized operations for an assigned task. In addition, we present an extension to allow conditional trajectory change due to unexpected events. To further reduce the possible damage caused by a compromised mobile sink, we propose efficient message forwarding schemes for deleting the privilege assigned to a compromised mobile sink immediately after its compromise has been detected. Through detailed analysis, simulation, and real implementation, we show that our schemes are secure and efficient, and are highly practical for sensor networks consisting of the current generation of sensors.

References

[1]

Akyildiz, I., Su, W., Sankarasubramaniam, Y., and Cayirci, E. 2002. Wireless sensor networks: A survey. Comput. Netw. 38, 4.

Digital Library

[2]

Anjum, F., Pandey, S., Kim, B., and Agrawal, P. 2005. Secure localization in sensor networks using transmission range variation. In Proceedings of the IEEE Conference on Mass Storage Systems and Technologies (MASS). 195--203.

[3]

Bellare, M., Kilian, J., and Rogaway, P. 2000. The security of the cipher block chaining message authentication code. J. Comput. Syst. Sci. 61, 3, 362--399.

Digital Library

[4]

Bergbreiter, S. and Pister, K. 2003. Cotsbots: An off-the-shelf platform for distributed robotics. In Proceedings of the IEEE/RSJ International Conference on Intelligent Roloats and Systems (IROS'03).

[5]

Blundo, C., Santis, A. D., Herzberg, A., Kutten, S., Vaccaro, U., and Yung, M. 1993. Perfectly-secure key distribution for dynamic conferences. In Proceedings of Advances in Cryptology, (CRYPTO'92). Lecture Notes in Computer Science, vol. 740. 471--486.

Digital Library

[6]

Bose, P., Morin, P., Stojmenovic, I., and Urrutia, J. 1999. Routing with guaranteed delivery in ad hoc wireless networks. In Proceedings of the 3rd international workshop on Discrete algorithms and methods for mobile computing and communications (DIALM '99). ACM Press, New York, NY, 48--55.

Digital Library

[7]

Capkun, S., Cagalj, M., and Srivastava, M. 2006. Securing localization with hidden and mobile base stations. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM '06). Barcelona, Spain.

[8]

Capkun, S. and Hubaux, J. 2002. Secure positioning in sensor networks. Tech. Rep. EPFL/IC/200444 available at http://www.terminodes.org/micsPublications.php. 1278--1287.

[9]

Chan, H. and Perrig, A. 2005. Pike: Peer intermediaries for key establishment in sensor networks. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM).

[10]

Chan, H., Perrig, A., and Song, D. 2003. Random key predistribution schemes for sensor networks. In Proceedings of the IEEE Security and Privacy Symposim 2003.

Digital Library

[11]

Chapweske, J. and Mohr, G. 2002. Tree hash exchange format (thex). http://open-content.net/specs/draft-jchapweske-thex-01.html.

[12]

Crossbow Technology Inc. Wireless sensor networks. http://www.xbow.com/Products/Wireless_Sensor_Networks.htm.

[13]

Deng, J., Han, R., and Mishra, S. 2003. Security support for in-network processing in wireless sensor networks. In Proceedings of 1st ACM Workshop on the Security of Ad Hoc and Sensor Networks (SASN'03).

Digital Library

[14]

Deng, J., Han, R., and Mishra, S. 2004. Intrusion tolerance strategies in wireless sensor networks. In Proceedings of IEEE 2004 International Conference on Dependable Systems and Networks (DSN'04).

Digital Library

[15]

Du, W., Deng, J., Han, Y., and Varshney, P. 2003. A pairwise key pre-distribution scheme for wireless sensor networks. In Proceedings of the ACM Computer and Communications Security Conference (CCS'03). 42--51.

Digital Library

[16]

Eschenauer, L. and Gligor, V. 2002. A key-management scheme for distributed sensor networks. Proceedings of the ACM Computer and Communications Security Conference (CCS'02).

Digital Library

[17]

Ganeriwal, S., Capkun, S., Han, C.-C., and Srivastava, M. B. 2005. Secure time synchronization service for sensor networks. In Proceedings of the 4th ACM Workshop on Wireless Security (WiSe'05). ACM Press, New York, NY, 97--106.

Digital Library

[18]

Ganeriwal, S., Kumar, R., and Srivastava, M. 2003. Timing-sync protocol for sensor networks. In Proceedings of the International Conference on Embedded Networked Sensor Systems (SenSys'03).

Digital Library

[19]

Ganeriwal, S. and Srivastava, M. 2004. Reputation-based framework for high integrity sensor networks. In Proceedings of the ACM Workshop on the Security of Ad Hoc and Sensor Networks (SASN'04).

Digital Library

[20]

Gay, D., Levis, P., von Behren, R., Welsh, M., Brewer, E., and Culler, D. 2003. The nesc language: A holistic approach to networked embedded systems. In Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation (PLDI'03). ACM Press, New York, NY, 1--11.

Digital Library

[21]

Goldreich, O., Goldwasser, S., and Micali, S. 1986. How to construct random functions. J. ACM 33, 4, 210--217.

Digital Library

[22]

Hill, J., Szewczyk, R., Woo, A., Hollar, S., Culler, D., and Pister, K. 2000. System architecture directions for networked sensors. In Proceedings of the 9th Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS IX).

Digital Library

[23]

Hu, Y., Perrig, A., and Johnson, D. 2003. Packet leashes: A defense against wormhole attacks in wireless ad hoc networks. Proceedings of the ACM Computer on Communications Security Conference (INFOCOM'03).

[24]

Huang, D., Mehta, M., Medhi, D., and Harn, L. 2004. Location-aware key management scheme for wireless sensor networks. In Proceedings of the Workshop on Security of Ad Hoc and Sensor Networks.

Digital Library

[25]

Huang, Q., Lu, C., and Roman, G. 2003. Spatiotemporal multicast in sensor networks. In Proceedings of the International Conference on Embedded Networked Sensor Systems (Sensys'03).

Digital Library

[26]

Kansal, A., Somasundara, A. A., Jea, D. D., Srivastava, M. B., and Estrin, D. 2004. Intelligent fluid infrastructure for embedded networks. In Proceedings of the International Conference on Mobile Systems Applications and Services (MobiSys'04). 111--124.

Digital Library

[27]

Karlof, C. and Wagner, D. 2003. Secure routing in sensor networks: attacks and countermeasures. In Proceedings of the First IEEE Workshop on Sensor Network Protocols and Applications.

[28]

Karp, B. and Kung, H. 2000. Gpsr: Greedy perimeter stateless routing for wireless networks. In Proceedings of the Sixth Aunual ACM/IEEE International Conference on Mobile Computing and Networking (Mobicom'00).

Digital Library

[29]

Ko, Y. and Vaidya, N. 2000. Geotora: A protocol for geocasting in mobile ad hoc networks. Proceedings of the International Conference on Network Protocols (ICNP).

Digital Library

[30]

Kuhn, F., Wattenhofer, R., and Zollinger, A. 2003. Worst-case optimal and average-case efficient geometric ad hoc routing. In Proceedings of the 4th ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc'03). ACM Press, New York, NY, 267--278.

Digital Library

[31]

Lazos, L. and Poovendran, R. 2005. Serloc: Robust localization for wireless sensor networks. ACM Trans. Sen. Netw. 1, 1, 73--100.

Digital Library

[32]

Liu, D. and Ning, P. 2003a. Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. In Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS'03). 263--276.

[33]

Liu, D. and Ning, P. 2003b. Establishing pairwise keys in distributed sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03). 52--61.

Digital Library

[34]

Liu, D., Ning, P., and Du, W. 2005. Attack-resistant location estimation in sensor networks. In Proceedings of the International Symposium on Information Processing in Sensor Networks (IPSN).

Digital Library

[35]

Marti, S., Giuli, T., Lai, K., and Baker, M. 2000. Mitigating routing misbehavior in mobile ad hoc networks. In Proceedings of the Annual Conference on Mobile Computing and Networking (MobiCom'00).

Digital Library

[36]

McMickell, M. B., Goodwine, B., and Montestruque, L. A. 2003. Micabot: A robotic platform for large-scale distributed robotics. In Proceedings of the IEEE International Conference on Robtics & Automation.

[37]

Merkle, R. 1989. A certified digital signature. In Proceedings of Advances in Cryptography. 218--238.

Digital Library

[38]

Perrig, A., Szewczyk, R., Wen, V., Culler, D., and Tygar, J. 2001. Spins: Security protocols for sensor networks. In Proceedings of the Annual Conference on Mobile Computing and Networking (MobiCom'01).

Digital Library

[39]

Priyantha, N. B., Chakraborty, A., and Balakrishnan, H. 2000. The cricket location-support system. In Proceedings of the Annual Conference on Mobile Computing and Networking (MobiCom). 32--43.

Digital Library

[40]

Priyantha, N. B., Miu, A. K., Balakrishnan, H., and Teller, S. 2001. The cricket compass for context-aware mobile applications. In Proceedings of the Annual Conference on Mobile Computing and Networking (MobiCom).

Digital Library

[41]

Rivest, R. 1994. The rc5 encryption algorithm. In Proceedings of the 1st International Workshop on Fast Software Encryption. 86--96.

[42]

Saltzer, J. H. and Schroeder, M. D. 1975. The protection of information in computing systems. Proc. IEEE.

[43]

Savvides, A., Han, C., and Srivastava, M. 2001. Dynamic fine-grained localization in ad hoc networks of sensors. In Proceedings of the Annual Conference on Mobile Computing and Networking (MobiCom). 166--179.

Digital Library

[44]

Sibley, G., Rahimi, M., and Sukhatme, G. 2002. Robomote: A tiny mobile robot platform for large-scale ad hoc sensor networks. In Proceedings of the IEEE International Conference on Robtics & Automation. Vol. 2. Washington D.C., 1143--1148.

[45]

Song, H., Zhu, S., and Cao, G. 2007. Attack-resilient time synchronization for wireless sensor networks. Ad Hoc Netw. 5, 1 (Jan.), 112--125.

[46]

Sun, K., Ning, P., and Wang, C. 2006. Secure and resilient clock synchronization in wireless sensor networks. IEEE J. Sel. Areas Commun. 24, 2 (Feb.), 395--408.

Digital Library

[47]

Tirta, Y., Li, Z., Lu, Y., and Bagchi, S. 2004. Efficient collection of sensor data in remote fields using mobile collectors. In Proceedings of the 13th International Conference on Computer Communications and Networks (ICCCN'04).

[48]

Wood, A. and Stankovic, J. 2002. Denial of service in sensor networks. IEEE Comput., 35, 10, 54--62.

Digital Library

[49]

Xu, Y., Heidemann, J., and Estrin, D. 2001. Geography informed energy conservation for ad hoc routing. In Proceedings of the Annual Conference on Mobile Computing and Networking (MOBICOM'01).

Digital Library

[50]

Ye, F., Luo, H., Cheng, J., Lu, S., and Zhang, L. 2002. A two-tier data dissemination model for large-scale wireless sensor networks. In Proceedings of the Annual Conference on Mobile Computing and Networking (MOBICOM'02), 148--159.

Digital Library

[51]

Ye, F., Luo, H., Lu, S., and Zhang, L. 2004. Statistical en route filtering of injected false data in sensor networks. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM'05).

[52]

Zhang, W. and Cao, G. 2004. Dctc: Dynamic convoy tree-based collaboration for target tracking in sensor networks. IEEE Trans. Wirel. Commun. 3, 5 (Sept.), 1689--1701.

Digital Library

[53]

Zhang, W. and Cao, G. 2005. Group rekeying for filtering false data in sensor networks: A predistribution and local collaboration based approach. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM'05).

[54]

Zhang, W., Cao, G., and LaPorta, T. F. 2007. Data dissemination with ring-based index for wireless sensor networks. IEEE Trans. Mobile Comput. 6, 7, 832--847.

Digital Library

[55]

Zhu, S., Setia, S., and Jajodia, S. 2003a. Leap: efficient security mechanisms for large-scale distributed sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS'03). ACM Press, New York, NY, 62--72.

Digital Library

[56]

Zhu, S., Setia, S., Jajodia, S., and Ning, P. 2004. An interleaved hop-by-hop authentication scheme for filtering false data in sensor networks. Proceedings of the IEEE Symposium on Security and Privacy.

[57]

Zhu, S., Xu, S., Setia, S., and Jajodia, S. 2003b. Establishing pairwise keys for secure communication in ad hoc networks: A probabilistic approach. Proceedings of the IEEE International Conference on Network Protocol (ICNP).

Digital Library

Cited By

Jing-Tang LShi-Ying YJi-Jun GQi-Yang X(2018)The Trust-Based Access Control Model in the Wireless Sensor Network2018 International Conference on Networking and Network Applications (NaNA)10.1109/NANA.2018.8648742(112-116)Online publication date: Oct-2018
https://doi.org/10.1109/NANA.2018.8648742
Chen XWang L(2018)Secret-Sharing Approach for Detecting Compromised Mobile Sink in Unattended Wireless Sensor NetworksMobile Ad-hoc and Sensor Networks10.1007/978-981-10-8890-2_22(303-317)Online publication date: 28-Mar-2018
https://doi.org/10.1007/978-981-10-8890-2_22
Won JSeo SBertino E(2017)Certificateless Cryptographic Protocols for Efficient Drone-Based Smart City ApplicationsIEEE Access10.1109/ACCESS.2017.26841285(3721-3749)Online publication date: 2017
https://doi.org/10.1109/ACCESS.2017.2684128
Show More Cited By

Index Terms

Least privilege and privilege deprivation: Toward tolerating mobile sink compromises in wireless sensor networks

Recommendations

Least privilege and privilege deprivation: towards tolerating mobile sink compromises in wireless sensor networks
MobiHoc '05: Proceedings of the 6th ACM international symposium on Mobile ad hoc networking and computing

Mobile sinks are needed in many sensor network applications for efficient data collection, data querying, localized sensor reprogramming, identifying and revoking compromised sensors, and other network maintenance. Employing mobile sinks however raises ...
LEAP+: Efficient security mechanisms for large-scale distributed sensor networks

We describe LEAP+ (Localized Encryption and Authentication Protocol), a key management protocol for sensor networks that is designed to support in-network processing, while at the same time restricting the security impact of a node compromise to the ...
Group-based key pre-distribution in wireless sensor networks
WiSe '05: Proceedings of the 4th ACM workshop on Wireless security

Many key pre-distribution techniques have been developed recently to establish pairwise keys for wireless sensor networks. To further improve these schemes, researchers have proposed to take advantage of sensors' expected locations to help pre-...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Sensor Networks

ACM Transactions on Sensor Networks Volume 4, Issue 4

August 2008

295 pages

ISSN:1550-4859

EISSN:1550-4867

DOI:10.1145/1387663

Issue’s Table of Contents

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 04 September 2008

Accepted: 01 December 2007

Revised: 01 August 2006

Received: 01 January 2006

Published in TOSN Volume 4, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
703
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)0

Reflects downloads up to 10 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Jing-Tang LShi-Ying YJi-Jun GQi-Yang X(2018)The Trust-Based Access Control Model in the Wireless Sensor Network2018 International Conference on Networking and Network Applications (NaNA)10.1109/NANA.2018.8648742(112-116)Online publication date: Oct-2018
https://doi.org/10.1109/NANA.2018.8648742
Chen XWang L(2018)Secret-Sharing Approach for Detecting Compromised Mobile Sink in Unattended Wireless Sensor NetworksMobile Ad-hoc and Sensor Networks10.1007/978-981-10-8890-2_22(303-317)Online publication date: 28-Mar-2018
https://doi.org/10.1007/978-981-10-8890-2_22
Won JSeo SBertino E(2017)Certificateless Cryptographic Protocols for Efficient Drone-Based Smart City ApplicationsIEEE Access10.1109/ACCESS.2017.26841285(3721-3749)Online publication date: 2017
https://doi.org/10.1109/ACCESS.2017.2684128
Won JSeo SBertino EBao FMiller SZhou JAhn G(2015)A Secure Communication Protocol for Drones and Smart ObjectsProceedings of the 10th ACM Symposium on Information, Computer and Communications Security10.1145/2714576.2714616(249-260)Online publication date: 14-Apr-2015
https://dl.acm.org/doi/10.1145/2714576.2714616
Yang PZia T(2014)EP2ACProceedings of the 2014 IEEE Intl Conf on High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security, 2014 IEEE 11th Intl Conf on Embedded Software and Syst (HPCC,CSS,ICESS)10.1109/HPCC.2014.127(755-762)Online publication date: 20-Aug-2014
https://dl.acm.org/doi/10.1109/HPCC.2014.127
Liu D(2012)Efficient and Distributed Access Control for Sensor NetworksHandbook on Securing Cyber-Physical Critical Infrastructure10.1016/B978-0-12-415815-3.00009-1(227-250)Online publication date: 2012
https://doi.org/10.1016/B978-0-12-415815-3.00009-1
Ren YOleshchuk VLi FGe X(2011)Security in Mobile Wireless Sensor Networks – A SurveyJournal of Communications10.4304/jcm.6.2.128-1426:2Online publication date: 1-Apr-2011
https://doi.org/10.4304/jcm.6.2.128-142
He DBu JZhu SChan SChen C(2011)Distributed Access Control with Privacy Support in Wireless Sensor NetworksIEEE Transactions on Wireless Communications10.1109/TWC.2011.072511.10228310:10(3472-3481)Online publication date: Oct-2011
https://doi.org/10.1109/TWC.2011.072511.102283
Rasheed AMahapatra R(2011)Key Predistribution Schemes for Establishing Pairwise Keys with a Mobile Sink in Sensor NetworksIEEE Transactions on Parallel and Distributed Systems10.1109/TPDS.2010.5722:1(176-184)Online publication date: 1-Jan-2011
https://dl.acm.org/doi/10.1109/TPDS.2010.57
He DBu JZhu SYin MYi Gao Wang HChan SChen C(2011)Distributed privacy-preserving access control in a single-owner multi-user sensor network2011 Proceedings IEEE INFOCOM10.1109/INFCOM.2011.5935176(331-335)Online publication date: Apr-2011
https://doi.org/10.1109/INFCOM.2011.5935176
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents