Detection of denial-of-message attacks on sensor network broadcasts

2005 IEEE Symposium on Security and Privacy (S&P'05) Pub Date : 2005-05-08 DOI:10.1109/SP.2005.7

Jonathan M. McCune, E. Shi, A. Perrig, M. Reiter

{"title":"Detection of denial-of-message attacks on sensor network broadcasts","authors":"Jonathan M. McCune, E. Shi, A. Perrig, M. Reiter","doi":"10.1109/SP.2005.7","DOIUrl":null,"url":null,"abstract":"So far sensor network broadcast protocols assume a trustworthy environment. However in safety and mission-critical sensor networks this assumption may not be valid and some sensor nodes might be adversarial. In these environments, malicious sensor nodes can deprive other nodes from receiving a broadcast message. We call this attack a denial-of-message attack (DoM). In this paper we model and analyze this attack, and present countermeasures. We present SIS, a secure implicit sampling scheme that permits a broadcasting base station to probabilistically detect the failure of nodes to receive its broadcast, even if these failures result from an attacker motivated to induce these failures undetectably. SIS works by eliciting authenticated acknowledgments from a subset of nodes per broadcast, where the subset is unpredictable to the attacker and tunable so as to mitigate acknowledgment implosion on the base station. We use a game-theoretic approach to evaluate this scheme in the face of an optimal attacker that attempts to maximize the number of nodes it denies the broadcast while remaining undetected by the base station, and show that SIS significantly constrains such an attacker even in sensor networks exhibiting high intrinsic loss rates. We also discuss extensions that permit more targeted detection capabilities.","PeriodicalId":6366,"journal":{"name":"2005 IEEE Symposium on Security and Privacy (S&P'05)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2005-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"163","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2005 IEEE Symposium on Security and Privacy (S&P'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP.2005.7","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 163

Abstract

So far sensor network broadcast protocols assume a trustworthy environment. However in safety and mission-critical sensor networks this assumption may not be valid and some sensor nodes might be adversarial. In these environments, malicious sensor nodes can deprive other nodes from receiving a broadcast message. We call this attack a denial-of-message attack (DoM). In this paper we model and analyze this attack, and present countermeasures. We present SIS, a secure implicit sampling scheme that permits a broadcasting base station to probabilistically detect the failure of nodes to receive its broadcast, even if these failures result from an attacker motivated to induce these failures undetectably. SIS works by eliciting authenticated acknowledgments from a subset of nodes per broadcast, where the subset is unpredictable to the attacker and tunable so as to mitigate acknowledgment implosion on the base station. We use a game-theoretic approach to evaluate this scheme in the face of an optimal attacker that attempts to maximize the number of nodes it denies the broadcast while remaining undetected by the base station, and show that SIS significantly constrains such an attacker even in sensor networks exhibiting high intrinsic loss rates. We also discuss extensions that permit more targeted detection capabilities.

查看原文本刊更多论文

传感器网络广播中拒绝报文攻击的检测

到目前为止，传感器网络广播协议假设了一个可信的环境。然而，在安全和关键任务传感器网络中，这种假设可能不成立，一些传感器节点可能是对抗性的。在这些环境中，恶意传感器节点可以阻止其他节点接收广播消息。我们称这种攻击为拒绝消息攻击(DoM)。本文对这种攻击进行了建模和分析，并提出了相应的对策。我们提出SIS，一种安全的隐式采样方案，允许广播基站概率检测节点接收其广播的故障，即使这些故障是由攻击者动机引起的，无法检测到这些故障。SIS的工作原理是从每次广播的节点子集中引出经过身份验证的确认，其中子集对攻击者来说是不可预测的，并且可以进行调整，以减轻基站上的确认内爆。面对最优攻击者，我们使用博弈论方法来评估该方案，该攻击者试图最大化其拒绝广播的节点数量，同时不被基站检测到，并表明即使在具有高内在损失率的传感器网络中，SIS也显着限制了这样的攻击者。我们还讨论了允许更有针对性的检测功能的扩展。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2005 IEEE Symposium on Security and Privacy (S&P'05)

自引率

0.00%

发文量