A neighbor information based false data filtering scheme in wireless sensor networks
来源期刊:中南大学学报(英文版)2012年第11期
论文作者:LIU Zhi-xiong(刘志雄) WANG Jian-xin(王建新) ZHANG Shi-geng(张士庚)
文章页码:3147 - 3153
Key words:wireless sensor network; false report filtering; neighbor information; collaborative attack; compromise tolerance
Abstract: In sensor networks, the adversaries can inject false data reports from compromised nodes. Previous approaches to filter false reports, e.g., SEF, only verify the correctness of the message authentication code (MACs) carried in each data report on intermediate nodes, thus cannot filter out fake reports that are forged in a collaborative manner by a group of compromised nodes, even if these compromised nodes distribute in different geographical areas. Furthermore, if the adversary obtains keys from enough (e.g., more than t in SEF) distinct key partitions, it then can successfully forge a data report without being detected en-route. A neighbor information based false report filtering scheme (NFFS) in wireless sensor networks was presented. In NFFS, each node distributes its neighbor information to some other nodes after deployment. When a report is generated for an observed event, it must carry the IDs and the MACs from t detecting nodes. Each forwarding node checks not only the correctness of the MACs carried in the report, but also the legitimacy of the relative position of these detecting nodes. Analysis and simulation results demonstrate that NFFS can resist collaborative false data injection attacks efficiently, and thus can tolerate much more compromised nodes than existing schemes.
LIU Zhi-xiong(刘志雄)1,2, WANG Jian-xin(王建新)1, ZHANG Shi-geng(张士庚)1
(1. School of Information Science and Engineering, Central South University, Changsha 410083, China;
2. Department of Computer Science and Technology, Changsha University, Changsha 410003, China)
Abstract:In sensor networks, the adversaries can inject false data reports from compromised nodes. Previous approaches to filter false reports, e.g., SEF, only verify the correctness of the message authentication code (MACs) carried in each data report on intermediate nodes, thus cannot filter out fake reports that are forged in a collaborative manner by a group of compromised nodes, even if these compromised nodes distribute in different geographical areas. Furthermore, if the adversary obtains keys from enough (e.g., more than t in SEF) distinct key partitions, it then can successfully forge a data report without being detected en-route. A neighbor information based false report filtering scheme (NFFS) in wireless sensor networks was presented. In NFFS, each node distributes its neighbor information to some other nodes after deployment. When a report is generated for an observed event, it must carry the IDs and the MACs from t detecting nodes. Each forwarding node checks not only the correctness of the MACs carried in the report, but also the legitimacy of the relative position of these detecting nodes. Analysis and simulation results demonstrate that NFFS can resist collaborative false data injection attacks efficiently, and thus can tolerate much more compromised nodes than existing schemes.
Key words:wireless sensor network; false report filtering; neighbor information; collaborative attack; compromise tolerance