Least privilege and privilege deprivation

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Least privilege and privilege deprivation: Toward tolerating mobile sink compromises in wireless sensor networks

Full text

Pdf (607 KB)

Source

ACM Transactions on Sensor Networks (TOSN) archive
Volume 4 , Issue 4 (August 2008) table of contents

Article No. 23

Year of Publication: 2008

ISSN:1550-4859

Authors

Hui Song	Frostburg State University, Frostburg, MD
Sencun Zhu	The Pennsylvania State University, University Park, PA
Wensheng Zhang	Iowa State University, Ames, IA
Guohong Cao	The Pennsylvania State University, University Park, PA

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 25, Downloads (12 Months): 178, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1387663.1387669 What is a DOI?

ABSTRACT

Mobile sinks are needed in many sensor network applications for efficient data collection, data querying, localized sensor reprogramming, identifying, and revoking compromised sensors, and other network maintenance. Employing mobile sinks however raises a new security challenge: if a mobile sink is given too many privileges, it will become very attractive for attack and compromise. Using a compromised mobile sink, an adversary may easily bring down or even take over the sensor network. Thus, security mechanisms that can tolerate mobile sink compromises are essential. In this article, based on the principle of least privilege, we first propose an efficient scheme to restrict the privilege of a mobile sink without impeding its ability to carry out any authorized operations for an assigned task. In addition, we present an extension to allow conditional trajectory change due to unexpected events. To further reduce the possible damage caused by a compromised mobile sink, we propose efficient message forwarding schemes for deleting the privilege assigned to a compromised mobile sink immediately after its compromise has been detected. Through detailed analysis, simulation, and real implementation, we show that our schemes are secure and efficient, and are highly practical for sensor networks consisting of the current generation of sensors.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	I. F. Akyildiz , W. Su , Y. Sankarasubramaniam , E. Cayirci, Wireless sensor networks: a survey, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.38 n.4, p.393-422, 15 March 2002 [doi>10.1016/S1389-1286(01)00302-4]
	2	Anjum, F., Pandey, S., Kim, B., and Agrawal, P. 2005. Secure localization in sensor networks using transmission range variation. In Proceedings of the IEEE Conference on Mass Storage Systems and Technologies (MASS). 195--203.
	3	Mihir Bellare , Joe Kilian , Phillip Rogaway, The security of the cipher block chaining message authentication code, Journal of Computer and System Sciences, v.61 n.3, p.362-399, Dec. 2000 [doi>10.1006/jcss.1999.1694]
	4	Bergbreiter, S. and Pister, K. 2003. Cotsbots: An off-the-shelf platform for distributed robotics. In Proceedings of the IEEE/RSJ International Conference on Intelligent Roloats and Systems (IROS'03).
	5	Carlo Blundo , Alfredo De Santis , Amir Herzberg , Shay Kutten , Ugo Vaccaro , Moti Yung, Perfectly-Secure Key Distribution for Dynamic Conferences, Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology, p.471-486, August 16-20, 1992
	6	Prosenjit Bose , Pat Morin , Ivan Stojmenović , Jorge Urrutia, Routing with guaranteed delivery in ad hoc wireless networks, Proceedings of the 3rd international workshop on Discrete algorithms and methods for mobile computing and communications, p.48-55, August 20-20, 1999, Seattle, Washington, United States [doi>10.1145/313239.313282]
	7	Capkun, S., Cagalj, M., and Srivastava, M. 2006. Securing localization with hidden and mobile base stations. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM '06). Barcelona, Spain.
	8	Capkun, S. and Hubaux, J. 2002. Secure positioning in sensor networks. Tech. Rep. EPFL/IC/200444 available at http://www.terminodes.org/micsPublications.php. 1278--1287.
	9	Chan, H. and Perrig, A. 2005. Pike: Peer intermediaries for key establishment in sensor networks. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM).
	10	Haowen Chan , Adrian Perrig , Dawn Song, Random Key Predistribution Schemes for Sensor Networks, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.197, May 11-14, 2003
	11	Chapweske, J. and Mohr, G. 2002. Tree hash exchange format (thex). http://open-content.net/specs/draft-jchapweske-thex-01.html.
	12	Crossbow Technology Inc. Wireless sensor networks. http://www.xbow.com/Products/Wireless_Sensor_Networks.htm.
	13	Jing Deng , Richard Han , Shivakant Mishra, Security support for in-network processing in Wireless Sensor Networks, Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks, October 31, 2003, Fairfax, Virginia [doi>10.1145/986858.986870]
	14	Jing Deng , Richard Han , Shivakant Mishra, Intrusion Tolerance and Anti-Traffic Analysis Strategies For Wireless Sensor Networks, Proceedings of the 2004 International Conference on Dependable Systems and Networks, p.637, June 28-July 01, 2004
	15	Wenliang Du , Jing Deng , Yunghsiang S. Han , Pramod K. Varshney, A pairwise key pre-distribution scheme for wireless sensor networks, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948118]
	16	Laurent Eschenauer , Virgil D. Gligor, A key-management scheme for distributed sensor networks, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA [doi>10.1145/586110.586117]
	17	Saurabh Ganeriwal , Srdjan Čapkun , Chih-Chieh Han , Mani B. Srivastava, Secure time synchronization service for sensor networks, Proceedings of the 4th ACM workshop on Wireless security, September 02-02, 2005, Cologne, Germany [doi>10.1145/1080793.1080809]
	18	Saurabh Ganeriwal , Ram Kumar , Mani B. Srivastava, Timing-sync protocol for sensor networks, Proceedings of the 1st international conference on Embedded networked sensor systems, November 05-07, 2003, Los Angeles, California, USA [doi>10.1145/958491.958508]
	19	Saurabh Ganeriwal , Mani B. Srivastava, Reputation-based framework for high integrity sensor networks, Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks, October 25-25, 2004, Washington DC, USA [doi>10.1145/1029102.1029115]
	20	David Gay , Philip Levis , Robert von Behren , Matt Welsh , Eric Brewer , David Culler, The nesC language: A holistic approach to networked embedded systems, Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation, June 09-11, 2003, San Diego, California, USA
	21	Oded Goldreich , Shafi Goldwasser , Silvio Micali, How to construct random functions, Journal of the ACM (JACM), v.33 n.4, p.792-807, Oct. 1986 [doi>10.1145/6490.6503]
	22	Jason Hill , Robert Szewczyk , Alec Woo , Seth Hollar , David Culler , Kristofer Pister, System architecture directions for networked sensors, Proceedings of the ninth international conference on Architectural support for programming languages and operating systems, p.93-104, November 2000, Cambridge, Massachusetts, United States
	23	Hu, Y., Perrig, A., and Johnson, D. 2003. Packet leashes: A defense against wormhole attacks in wireless ad hoc networks. Proceedings of the ACM Computer on Communications Security Conference (INFOCOM'03).
	24	Dijiang Huang , Manish Mehta , Deep Medhi , Lein Harn, Location-aware key management scheme for wireless sensor networks, Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks, October 25-25, 2004, Washington DC, USA [doi>10.1145/1029102.1029110]
	25	Qingfeng Huang , Chenyang Lu , Gruia-Catalin Roman, Spatiotemporal multicast in sensor networks, Proceedings of the 1st international conference on Embedded networked sensor systems, November 05-07, 2003, Los Angeles, California, USA [doi>10.1145/958491.958516]
	26	Aman Kansal , Arun A. Somasundara , David D. Jea , Mani B. Srivastava , Deborah Estrin, Intelligent fluid infrastructure for embedded networks, Proceedings of the 2nd international conference on Mobile systems, applications, and services, June 06-09, 2004, Boston, MA, USA [doi>10.1145/990064.990080]
	27	Karlof, C. and Wagner, D. 2003. Secure routing in sensor networks: attacks and countermeasures. In Proceedings of the First IEEE Workshop on Sensor Network Protocols and Applications.
	28	Brad Karp , H. T. Kung, GPSR: greedy perimeter stateless routing for wireless networks, Proceedings of the 6th annual international conference on Mobile computing and networking, p.243-254, August 06-11, 2000, Boston, Massachusetts, United States [doi>10.1145/345910.345953]
	29	Young-Bae Ko , N. H. Vaidya, GeoTORA: a protocol for geocasting in mobile ad hoc networks, Proceedings of the 2000 International Conference on Network Protocols, p.240, November 14-17, 2000
	30	Fabian Kuhn , Roger Wattenhofer , Aaron Zollinger, Worst-Case optimal and average-case efficient geometric ad-hoc routing, Proceedings of the 4th ACM international symposium on Mobile ad hoc networking & computing, June 01-03, 2003, Annapolis, Maryland, USA [doi>10.1145/778415.778447]
	31	Loukas Lazos , Radha Poovendran, SeRLoc: Robust localization for wireless sensor networks, ACM Transactions on Sensor Networks (TOSN), v.1 n.1, p.73-100, August 2005 [doi>10.1145/1077391.1077395]
	32	Liu, D. and Ning, P. 2003a. Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. In Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS'03). 263--276.
	33	Donggang Liu , Peng Ning, Establishing pairwise keys in distributed sensor networks, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948119]
	34	Donggang Liu , Peng Ning , Wenliang Kevin Du, Attack-resistant location estimation in sensor networks, Proceedings of the 4th international symposium on Information processing in sensor networks, April 24-27, 2005, Los Angeles, California
	35	Sergio Marti , T. J. Giuli , Kevin Lai , Mary Baker, Mitigating routing misbehavior in mobile ad hoc networks, Proceedings of the 6th annual international conference on Mobile computing and networking, p.255-265, August 06-11, 2000, Boston, Massachusetts, United States [doi>10.1145/345910.345955]
	36	McMickell, M. B., Goodwine, B., and Montestruque, L. A. 2003. Micabot: A robotic platform for large-scale distributed robotics. In Proceedings of the IEEE International Conference on Robtics & Automation.
	37	Ralph C. Merkle, A Certified Digital Signature, Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology, p.218-238, August 20-24, 1989
	38	Adrian Perrig , Robert Szewczyk , Victor Wen , David Culler , J. D. Tygar, SPINS: security protocols for sensor networks, Proceedings of the 7th annual international conference on Mobile computing and networking, p.189-199, July 2001, Rome, Italy [doi>10.1145/381677.381696]
	39	Nissanka B. Priyantha , Anit Chakraborty , Hari Balakrishnan, The Cricket location-support system, Proceedings of the 6th annual international conference on Mobile computing and networking, p.32-43, August 06-11, 2000, Boston, Massachusetts, United States [doi>10.1145/345910.345917]
	40	Nissanka B. Priyantha , Allen K.L. Miu , Hari Balakrishnan , Seth Teller, The cricket compass for context-aware mobile applications, Proceedings of the 7th annual international conference on Mobile computing and networking, p.1-14, July 2001, Rome, Italy [doi>10.1145/381677.381679]
	41	Rivest, R. 1994. The rc5 encryption algorithm. In Proceedings of the 1st International Workshop on Fast Software Encryption. 86--96.
	42	Saltzer, J. H. and Schroeder, M. D. 1975. The protection of information in computing systems. Proc. IEEE.
	43	Andreas Savvides , Chih-Chieh Han , Mani B. Strivastava, Dynamic fine-grained localization in Ad-Hoc networks of sensors, Proceedings of the 7th annual international conference on Mobile computing and networking, p.166-179, July 2001, Rome, Italy [doi>10.1145/381677.381693]
	44	Sibley, G., Rahimi, M., and Sukhatme, G. 2002. Robomote: A tiny mobile robot platform for large-scale ad hoc sensor networks. In Proceedings of the IEEE International Conference on Robtics & Automation. Vol. 2. Washington D.C., 1143--1148.
	45	Song, H., Zhu, S., and Cao, G. 2007. Attack-resilient time synchronization for wireless sensor networks. Ad Hoc Netw. 5, 1 (Jan.), 112--125.
	46	Sun, K., Ning, P., and Wang, C. 2006. Secure and resilient clock synchronization in wireless sensor networks. IEEE J. Sel. Areas Commun. 24, 2 (Feb.), 395--408.
	47	Tirta, Y., Li, Z., Lu, Y., and Bagchi, S. 2004. Efficient collection of sensor data in remote fields using mobile collectors. In Proceedings of the 13th International Conference on Computer Communications and Networks (ICCCN'04).
	48	Anthony D. Wood , John A. Stankovic, Denial of Service in Sensor Networks, Computer, v.35 n.10, p.54-62, October 2002 [doi>10.1109/MC.2002.1039518]
	49	Ya Xu , John Heidemann , Deborah Estrin, Geography-informed energy conservation for Ad Hoc routing, Proceedings of the 7th annual international conference on Mobile computing and networking, p.70-84, July 2001, Rome, Italy [doi>10.1145/381677.381685]
	50	Fan Ye , Haiyun Luo , Jerry Cheng , Songwu Lu , Lixia Zhang, A two-tier data dissemination model for large-scale wireless sensor networks, Proceedings of the 8th annual international conference on Mobile computing and networking, September 23-28, 2002, Atlanta, Georgia, USA [doi>10.1145/570645.570664]
	51	Ye, F., Luo, H., Lu, S., and Zhang, L. 2004. Statistical en route filtering of injected false data in sensor networks. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM'05).
	52	Zhang, W. and Cao, G. 2004. Dctc: Dynamic convoy tree-based collaboration for target tracking in sensor networks. IEEE Trans. Wirel. Commun. 3, 5 (Sept.), 1689--1701.
	53	Zhang, W. and Cao, G. 2005. Group rekeying for filtering false data in sensor networks: A predistribution and local collaboration based approach. In Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM'05).
	54	Wensheng Zhang , Guohong Cao , Tom La Porta, Data Dissemination with Ring-Based Index for Wireless Sensor Networks, IEEE Transactions on Mobile Computing, v.6 n.7, p.832-847, July 2007 [doi>10.1109/TMC.2007.1019]
	55	Sencun Zhu , Sanjeev Setia , Sushil Jajodia, LEAP: efficient security mechanisms for large-scale distributed sensor networks, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948120]
	56	Zhu, S., Setia, S., Jajodia, S., and Ning, P. 2004. An interleaved hop-by-hop authentication scheme for filtering false data in sensor networks. Proceedings of the IEEE Symposium on Security and Privacy.
	57	Sencun Zhu , Shouhuai Xu , Sanjeev Setia , Sushil Jajodia, Establishing Pairwise Keys for Secure Communication in Ad Hoc Networks: A Probabilistic Approach, Proceedings of the 11th IEEE International Conference on Network Protocols, p.326, November 04-07, 2003