Fast recovery from node compromise in wireless sensor networks

Wireless Sensor Networks (WSNs) are susceptible to a wide range of security attacks in hostile environments due to the limited processing and energy capabilities of sensor nodes. Consequently, the use of WSNs in mission critical applications requires reliable detection and fast recovery from these attacks. While much research has been devoted to detecting security attacks, very little attention has been paid yet to the recovery task. In this paper, we present a novel mechanism that is based on dynamic network reclustering and node reprogramming for recovering from node compromise. In response to node compromise, the proposed recovery approach reclusters the network excluding compromised nodes; thus allowing normal network operation while initiating node recovery procedures. We propose a novel reclustering algorithm that uses 2-hop neighbourhood information for this purpose. For node reprogramming we propose the modified Deluge protocol. The proposed node recovery mechanism is both decentralized and scalable. Moreover, we demonstrate through its implementation on a TelosB-based sensor network testbed that the proposed recovery method performs well in a low-resource WSN.<br /

A network access control framework for 6LoWPAN networks

Low power over wireless personal area networks (LoWPAN), in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of networks is usually deployed in unattended environments, making them vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, impose a careful planning on how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes

Energy Efficient Downstream Communication in Wireless Sensor Networks

This dissertation studies the problem of energy efficient downstream communication in Wireless Sensor Networks (WSNs). First, we present the Opportunistic Source Routing (OSR), a scalable, reliable, and energy-efficient downward routing protocol for individual node actuation in data collection WSNs. OSR introduces opportunistic routing into traditional source routing based on the parent set of a node’s upward routing in data collection, significantly addressing the drastic link dynamics in low-power and lossy WSNs. We devise a novel adaptive Bloom filter mechanism to effectively and efficiently encode a downward source-route in OSR, which enables a significant reduction of the length of source-route field in the packet header. OSR is scalable to very large-size WSN deployments, since each resource-constrained node in the network stores only the set of its direct children. The probabilistic nature of the Bloom filter passively explores opportunistic routing. Upon a delivery failure at any hop along the downward path, OSR actively performs opportunistic routing to bypass the obsolete/bad link. The evaluations in both simulations and real-world testbed experiments demonstrate that OSR significantly outperforms the existing approaches in scalability, reliability, and energy efficiency. Secondly, we propose a mobile code dissemination tool for heterogeneous WSN deployments operating on low power links. The evaluation in lab experiment and a real world WSN testbed shows how our tool reduces the laborious work to reprogram nodes for updating the application. Finally, we present an empirical study of the network dynamics of an out-door heterogeneous WSN deployment and devise a benchmark data suite. The network dynamics analysis includes link level characteristics, topological characteristics, and temporal characteristics. The unique features of the benchmark data suite include the full path information and our approach to fill the missing paths based on the principle of the routing protocol

Agilla: A Mobile Agent Middleware for Sensor Networks

Agilla is a mobile agent middleware for sensor networks. Mobile agents are special processes that can migrate across sensors. They increase network flexibility by enabling active in-network reprogramming. Neighbor lists and tuple spaces are used for agent coordination. Agilla was originally implemented on Mica2 motes, but has been ported to other platforms. Its Mica2 implementation consumes 41.6KB of code and 3.59KB of data memory. Agents can move five hops in less than 1.1s with over 92% success. Agilla was used to develop multiple applications related to fire detection and tracking, cargo container monitoring, and robot navigation

PluralisMAC: a generic multi-MAC framework for heterogeneous, multiservice wireless networks, applied to smart containers

Developing energy-efficient MAC protocols for lightweight wireless systems has been a challenging task for decades because of the specific requirements of various applications and the varying environments in which wireless systems are deployed. Many MAC protocols for wireless networks have been proposed, often custom-made for a specific application. It is clear that one MAC does not fit all the requirements. So, how should a MAC layer deal with an application that has several modes (each with different requirements) or with the deployment of another application during the lifetime of the system? Especially in a mobile wireless system, like Smart Monitoring of Containers, we cannot know in advance the application state (empty container versus stuffed container). Dynamic switching between different energy-efficient MAC strategies is needed. Our architecture, called PluralisMAC, contains a generic multi-MAC framework and a generic neighbour monitoring and filtering framework. To validate the real-world feasibility of our architecture, we have implemented it in TinyOS and have done experiments on the TMote Sky nodes in the w-iLab.t testbed. Experimental results show that dynamic switching between MAC strategies is possible with minimal receive chain overhead, while meeting the various application requirements (reliability and low-energy consumption)