A secure over-the-air programming scheme in wireless sensor networks

Over-The-Air dissemination of code updates in Wireless Sensor Networks (WSNs) have been researchers’ point of interest in past a few years and more importantly security challenges toward remote propagation of code update have taken the majority of efforts in this context. Many security models have been proposed to establish a balance between the energy consumption and security strengthen with having their concentration on constraint nature of WSN nodes. For authentication purposes most of them have used Merkle-Hash-Tree to avoid using multiple public cryptography operations. These models mostly have assumed an environment in which security has to be in a standard level and therefore they have not investigated the tree structure for mission-critical situations in which security has to be in maximum possible extent (e.g. military zones). Two major problems have been identified in Merkle Tree structure which is used in Seluge scheme, including: 1) an exponential growth in number of overhead packets when block size of hash algorithm used in design is increased. 2) Limitation of using hash algorithms with larger block size of 11 bytes when payload size is set to 72 bytes. Then several existing security models are investigated for possible vulnerabilities and a set of countermeasures correspondingly named Security Model Requirements (SMR) is provided. After concentrating on Seluge’s design, a new secure Over-The-Air Programming (OTAP) scheme named Seluge++ is proposed that complies with SMR and replaces the use of inefficient Merkle Tree with a novel method

Fast recovery from node compromise in wireless sensor networks

Wireless Sensor Networks (WSNs) are susceptible to a wide range of security attacks in hostile environments due to the limited processing and energy capabilities of sensor nodes. Consequently, the use of WSNs in mission critical applications requires reliable detection and fast recovery from these attacks. While much research has been devoted to detecting security attacks, very little attention has been paid yet to the recovery task. In this paper, we present a novel mechanism that is based on dynamic network reclustering and node reprogramming for recovering from node compromise. In response to node compromise, the proposed recovery approach reclusters the network excluding compromised nodes; thus allowing normal network operation while initiating node recovery procedures. We propose a novel reclustering algorithm that uses 2-hop neighbourhood information for this purpose. For node reprogramming we propose the modified Deluge protocol. The proposed node recovery mechanism is both decentralized and scalable. Moreover, we demonstrate through its implementation on a TelosB-based sensor network testbed that the proposed recovery method performs well in a low-resource WSN.<br /

A network access control framework for 6LoWPAN networks

Low power over wireless personal area networks (LoWPAN), in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of networks is usually deployed in unattended environments, making them vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, impose a careful planning on how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes

Lightweight authentication for recovery in wireless sensor networks

Wireless sensor networks (WSNs) suffer from a wide range of security attacks due to their limited processing and energy capabilities. Their use in numerous mission critical applications, however, requires that fast recovery from such attacks be achieved. Much research has been completed on detection of security attacks, while very little attention has been paid to recovery from an attack. In this paper, we propose a novel, lightweight authentication protocol that can secure network and node recovery operations such as re-clustering and reprogramming. Our protocol is based on hash functions and we compare the performance of two well-known lightweight hash functions, SHA-1 and Rabin. We demonstrate that our authentication protocol can be implemented efficiently on a sensor network test-bed with TelosB motes. Further, our experimental results show that our protocol is efficient both in terms of computational overhead and execution times which makes it suitable for low resourced sensor devices.<br /