Least privilege and privilege deprivation

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Least privilege and privilege deprivation: towards tolerating mobile sink compromises in wireless sensor networks

Full text

Pdf (700 KB)

Source

International Symposium on Mobile Ad Hoc Networking & Computing archive
Proceedings of the 6th ACM international symposium on Mobile ad hoc networking and computing table of contents

Urbana-Champaign, IL, USA

SESSION: Sensor networks table of contents

Pages: 378 - 389

Year of Publication: 2005

ISBN:1-59593-004-3

Authors

Wensheng Zhang	Pennsylvania State University, University Park, PA
Hui Song	Pennsylvania State University, University Park, PA
Sencun Zhu	Pennsylvania State University, University Park, PA
Guohong Cao	Pennsylvania State University, University Park, PA

Sponsors

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 9, Downloads (12 Months): 50, Citation Count: 10

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1062689.1062737 What is a DOI?

ABSTRACT

Mobile sinks are needed in many sensor network applications for efficient data collection, data querying, localized sensor reprogramming, identifying and revoking compromised sensors, and other network maintenance. Employing mobile sinks however raises a new security challenge: if a mobile sink is given too many privileges, it will become very attractive for attack and compromise. Using a compromised mobile sink, an adversary may easily bring down or even take over the sensor network. Thus, security mechanisms that can tolerate mobile sink compromises are essential. In this paper, based on the principle of least privilege, we first propose several efficient schemes to restrict the privilege of a mobile sink without impeding its capability of carrying out any authorized operations for an assigned task. To further reduce the possible damages caused by a compromised mobile sink, we then propose efficient message forwarding schemes for depriving the privilege assigned to a compromised mobile sink immediately after its compromise has been detected. Through detailed analysis and simulations, we show that our schemes are secure and efficient, and are highly practical for sensor networks consisting of the current generation of sensors.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	I. F. Akyildiz , W. Su , Y. Sankarasubramaniam , E. Cayirci, Wireless sensor networks: a survey, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.38 n.4, p.393-422, 15 March 2002 [doi>10.1016/S1389-1286(01)00302-4]
	2	Aman Kansal , Arun A. Somasundara , David D. Jea , Mani B. Srivastava , Deborah Estrin, Intelligent fluid infrastructure for embedded networks, Proceedings of the 2nd international conference on Mobile systems, applications, and services, June 06-09, 2004, Boston, MA, USA [doi>10.1145/990064.990080]
	3	Y. Tirta, Z. Li, Y. Lu, and S. Bagchi, "Efficient Collection of Sensor Data in Remote Fields Using Mobile Collectors," The 13th International Conference on Computer Communications and Networks (ICCCN 2004), October 2004.
	4	Fan Ye , Haiyun Luo , Jerry Cheng , Songwu Lu , Lixia Zhang, A two-tier data dissemination model for large-scale wireless sensor networks, Proceedings of the 8th annual international conference on Mobile computing and networking, September 23-28, 2002, Atlanta, Georgia, USA [doi>10.1145/570645.570664]
	5	Wensheng Zhang , Guohong Cao , Tom La Porta, Data Dissemination with Ring-Based Index for Wireless Sensor Networks, Proceedings of the 11th IEEE International Conference on Network Protocols, p.305, November 04-07, 2003
	6	D. Liu and P. Ning, "Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks," in Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS'03), 2003, pp. 263--276.
	7	Adrian Perrig , Robert Szewczyk , Victor Wen , David Culler , J. D. Tygar, SPINS: security protocols for sensor netowrks, Proceedings of the 7th annual international conference on Mobile computing and networking, p.189-199, July 2001, Rome, Italy [doi>10.1145/381677.381696]
	8	Haowen Chan , Adrian Perrig , Dawn Song, Random Key Predistribution Schemes for Sensor Networks, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.197, May 11-14, 2003
	9	Wenliang Du , Jing Deng , Yunghsiang S. Han , Pramod K. Varshney, A pairwise key pre-distribution scheme for wireless sensor networks, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948118]
	10	Laurent Eschenauer , Virgil D. Gligor, A key-management scheme for distributed sensor networks, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA [doi>10.1145/586110.586117]
	11	Donggang Liu , Peng Ning, Establishing pairwise keys in distributed sensor networks, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948119]
	12	Sencun Zhu , Sanjeev Setia , Sushil Jajodia, LEAP: efficient security mechanisms for large-scale distributed sensor networks, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948120]
	13	C. Karlof and D. Wagner, "Secure Routing in Sensor Networks: Attacks and Countermeasures," Proc. of First IEEE Workshop on Sensor Network Protocols and Applications, May 2003.
	14	Anthony D. Wood , John A. Stankovic, Denial of Service in Sensor Networks, Computer, v.35 n.10, p.54-62, October 2002 [doi>10.1109/MC.2002.1039518]
	15	Jing Deng , Richard Han , Shivakant Mishra, Intrusion Tolerance and Anti-Traffic Analysis Strategies For Wireless Sensor Networks, Proceedings of the 2004 International Conference on Dependable Systems and Networks (DSN'04), p.637, June 28-July 01, 2004
	16	F. Stajano and R. Anderson, "The protection of information in computing systems," in Proceedings of the IEEE, 1975.
	17	CROSSBOW TECHNOLOGY INC., "Wireless sensor networks," http://www.xbow.com/Products/ Wireless_Sensor_Networks.htm.
	18	UC~Berkeley The EECS~department, "Cotsbots: The mobile mote-based robots," http://www-bsac.eecs.berkeley.edu/projects/cotsbots/.
	19	Ya Xu , John Heidemann , Deborah Estrin, Geography-informed energy conservation for Ad Hoc routing, Proceedings of the 7th annual international conference on Mobile computing and networking, p.70-84, July 2001, Rome, Italy [doi>10.1145/381677.381685]
	20	Saurabh Ganeriwal , Ram Kumar , Mani B. Srivastava, Timing-sync protocol for sensor networks, Proceedings of the 1st international conference on Embedded networked sensor systems, November 05-07, 2003, Los Angeles, California, USA [doi>10.1145/958491.958508]
	21	S. Capkun and J. Hubaux, "Secure positioning in sensor networks," in Technical report EPFL/IC/200444.
	22	Loukas Lazos , Radha Poovendran, SeRLoc: secure range-independent localization for wireless sensor networks, Proceedings of the 2004 ACM workshop on Wireless security, October 01-01, 2004, Philadelphia, PA, USA [doi>10.1145/1023646.1023650]
	23	Oded Goldreich , Shafi Goldwasser , Silvio Micali, How to construct random functions, Journal of the ACM (JACM), v.33 n.4, p.792-807, Oct. 1986 [doi>10.1145/6490.6503]
	24	Carlo Blundo , Alfredo De Santis , Amir Herzberg , Shay Kutten , Ugo Vaccaro , Moti Yung, Perfectly-Secure Key Distribution for Dynamic Conferences, Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology, p.471-486, August 16-20, 1992
	25	Ralph C. Merkle, A certified digital signature, Proceedings on Advances in cryptology, p.218-238, July 1989, Santa Barbara, California, United States
	26	R. Rivest, "The rc5 encryption algorithm," in Proceedings of the 1st International Workshop on Fast Software Encryption, 1994, pp. 86--96.
	27	F. Ye, H. Luo, S. Lu, and L. Zhang, "Statistical en-route detection and filtering of injected false data in sensor networks," in Proceedings of IEEE Infocom'04, 2004.
	28	Young-Bae Ko , N. H. Vaidya, GeoTORA: a protocol for geocasting in mobile ad hoc networks, Proceedings of the 2000 International Conference on Network Protocols, p.240, November 14-17, 2000
	29	Qingfeng Huang , Chenyang Lu , Gruia-Catalin Roman, Spatiotemporal multicast in sensor networks, Proceedings of the 1st international conference on Embedded networked sensor systems, November 05-07, 2003, Los Angeles, California, USA [doi>10.1145/958491.958516]
	30	Prosenjit Bose , Pat Morin , Ivan Stojmenović , Jorge Urrutia, Routing with guaranteed delivery in ad hoc wireless networks, Proceedings of the 3rd international workshop on Discrete algorithms and methods for mobile computing and communications, p.48-55, August 20-20, 1999, Seattle, Washington, United States [doi>10.1145/313239.313282]
	31	Brad Karp , H. T. Kung, GPSR: greedy perimeter stateless routing for wireless networks, Proceedings of the 6th annual international conference on Mobile computing and networking, p.243-254, August 06-11, 2000, Boston, Massachusetts, United States [doi>10.1145/345910.345953]
	32	Fabian Kuhn , Roger Wattenhofer , Aaron Zollinger, Worst-Case optimal and average-case efficient geometric ad-hoc routing, Proceedings of the 4th ACM international symposium on Mobile ad hoc networking & computing, June 01-03, 2003, Annapolis, Maryland, USA [doi>10.1145/778415.778447]
	33	Adrian Perrig , Robert Szewczyk , Victor Wen , David Culler , J. D. Tygar, SPINS: security protocols for sensor netowrks, Proceedings of the 7th annual international conference on Mobile computing and networking, p.189-199, July 2001, Rome, Italy [doi>10.1145/381677.381696]
	34	Sergio Marti , T. J. Giuli , Kevin Lai , Mary Baker, Mitigating routing misbehavior in mobile ad hoc networks, Proceedings of the 6th annual international conference on Mobile computing and networking, p.255-265, August 06-11, 2000, Boston, Massachusetts, United States [doi>10.1145/345910.345955]
	35	Saurabh Ganeriwal , Mani B. Srivastava, Reputation-based framework for high integrity sensor networks, Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks, October 25-25, 2004, Washington DC, USA [doi>10.1145/1029102.1029115]
	36	Sencun Zhu , Shouhuai Xu , Sanjeev Setia , Sushil Jajodia, Establishing Pairwise Keys for Secure Communication in Ad Hoc Networks: A Probabilistic Approach, Proceedings of the 11th IEEE International Conference on Network Protocols, p.326, November 04-07, 2003
	37	Dijiang Huang , Manish Mehta , Deep Medhi , Lein Harn, Location-aware key management scheme for wireless sensor networks, Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks, October 25-25, 2004, Washington DC, USA [doi>10.1145/1029102.1029110]
	38	Jing Deng , Richard Han , Shivakant Mishra, Security support for in-network processing in Wireless Sensor Networks, Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks, October 31, 2003, Fairfax, Virginia [doi>10.1145/986858.986870]
	39	S. Zhu, S. Setia, S. Jajodia, and P. Ning, "An Interleaved Hop-by-Hop Authentication Scheme for Filtering False Data in Sensor Networks," IEEE Symposium on Security and Privacy, 2004.
	40	F. Ye, H. Luo, S. Lu, and L. Zhang, "Statistical En-route Filtering of Injected False Data in Sensor Networks," IEEE INFOCOM'04, March 2004.
	41	Y. Hu, A. Perrig, and D. Johnson, "Packet Leashes: A Defense against Wormhole Attacks in Wireless Ad Hoc Networks," Proceedings of INFOCOM 2003, April 2003.
	42	W. Zhang and G. Cao, "Group rekeying for filtering false data in sensor networks: A predistribution and local collaboration based approach," IEEE INFOCOM'05, 2005.

CITED BY 9

	Hidehisa Nakayama , Nirwan Ansari , Abbas Jamalipour , Nei Kato, Fault-resilient sensing in wireless sensor networks, Computer Communications, v.30 n.11-12, p.2375-2384, September, 2007
	Yi Yang , Xinran Wang , Sencun Zhu, SDAP:: a secure hop-by-Hop data aggregation protocol for sensor networks, Proceedings of the seventh ACM international symposium on Mobile ad hoc networking and computing, May 22-25, 2006, Florence, Italy
	Sencun Zhu , Sanjeev Setia , Sushil Jajodia, LEAP+: Efficient security mechanisms for large-scale distributed sensor networks, ACM Transactions on Sensor Networks (TOSN), v.2 n.4, p.500-528, November 2006
	Katharine Chang , Kang G. Shin, Distributed Authentication of Program Integrity Verification in Wireless Sensor Networks, ACM Transactions on Information and System Security (TISSEC), v.11 n.3, p.1-35, March 2008
	Jian Li , Prasant Mohapatra, Analytical modeling and mitigation techniques for the energy hole problem in sensor networks, Pervasive and Mobile Computing, v.3 n.3, p.233-254, June, 2007
	Yi Yang , Xinran Wang , Sencun Zhu , Guohong Cao, SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks, ACM Transactions on Information and System Security (TISSEC), v.11 n.4, p.1-43, July 2008
	Roberto Di Pietro , Luigi V. Mancini , Claudio Soriente , Angelo Spognardi , Gene Tsudik, Playing hide-and-seek with a focused mobile adversary in unattended wireless sensor networks, Ad Hoc Networks, v.7 n.8, p.1463-1475, November, 2009
	Rui Zhang , Jing Shi , Yanchao Zhang, Secure multidimensional range queries in sensor networks, Proceedings of the tenth ACM international symposium on Mobile ad hoc networking and computing, May 18-21, 2009, New Orleans, LA, USA
	An-Ni Shen , Song Guo , Victor Leung, A flexible and efficient key distribution scheme for renewable wireless sensor networks, EURASIP Journal on Wireless Communications and Networking, 2009, p.1-9, February 2009