A Novel Algorithm for Defending Path-Based Denial of Service Attacks in Sensor Networks

Existing end-to-end security mechanisms are vulnerable to path-based denial of service attacks (PDoS). If checking integrity and authenticity of a message is done only at the final destination, the intermediate nodes are going to forward bogus packets injected by an adversary many hops before they are detected. Therefore, the adversary can easily overwhelm intermediate nodes by bogus or replayed packets. This attack exhausts the nodes along the path. In addition, other downstream nodes that depend on the exhausted nodes as intermediate nodes will be isolated, and they have to find alternative paths. Regarding broadcast traffic that originated from the base station, if packets were injected by an adversary, the whole network's nodes will be exhausted. Therefore, there is a need to enable intermediate nodes to filter out bogus packets. We adopted a link layer security scheme to enable en route intermediate nodes to filter out any bogus or replayed packet as soon as it is injected into the network. Our scheme can handle different types of traffic. Simulation results show that our algorithm outperforms the one-way hash chain (OHC) algorithm and that it is more scalable