Controlled link establishment attacks on distributed sensor networks and countermeasures
- Publication Type:
- Issue Date:
For over a decade, the boom in research, development, and application of distributed sensor networks (DSNs) has enabled their pervasion in many aspects of human life. In such networks, collaboration among sensor nodes plays a key role in resolving distributed tasks. Typically, traditional cryptographic protections such as encryption and authentication are utilised to secure this collaboration against malicious attacks. Unfortunately, this secured collaboration is undermined by an attack named Controlled Link Establishment Attack (CLEA). To launch CLEA, the attacker first captures and compromises a limited number of nodes to extract their secret information. Next, the attacker repetitively utilises the compromised nodes and secret information to create overwhelming controlled links with legitimate nodes. These controlled links are then used to subvert network-wide cooperative efforts or gain the control of the network. This thesis comprises two parts: CLEA investigation and development of new countermeasures against CLEA. The investigation involves (i) identifying and characterising CLEA based on the examination of actual instances (ii) undertaking a literature review of existing key establishment schemes for DSNs and pinpointing their vulnerability to CLEA (iii) performing a comprehensive survey of existing countermeasures applicable to defend against CLEA, and (iv) studying the feasibility of CLEA. The conclusion drawn from this investigation is that although CLEA is a real and serious threat, no sufficiently robust and efficient countermeasures have been found in the literature to defeat the attack. The development starts with a study of related works that can be used as building blocks for new countermeasures followed by their description. The proposed countermeasures can be classified into either protection-based approach or detection-based approach. Following the first approach, three schemes focusing on protecting key establishment schemes by leveraging a cryptographic one-way hash chain are developed. Following the second approach, three schemes are introduced. The first two schemes are capable of detecting and stamping out CLEA attempts from the beginning. The final scheme is even more powerful than the previous ones with the ability to identify and revoke the source of the attack. Finally, thorough evaluations of the proposed schemes in respect of security features and performance overheads are carried out through intensive analyses, simulations, implementation, and extensive comparison with other schemes. The findings from these evaluations indicate that the proposed schemes achieve robust and effective prevention, detection, and revocation capability against CLEA with reasonable overheads. In comparison, the protection-based schemes are more performance efficient but less security effective than the detection-based schemes. They are all suitable for use in the current generation of sensor nodes.
Please use this identifier to cite or link to this item: