Distributed Authentication of Program Integrity Verification in Wireless Sensor Networks

摘要

Security in wireless sensor networks has become important as they are being developed and deployed for an increasing number of applications. The severe resource constraints in each sensor make it very challenging to secure sensor networks. Moreover, sensors are usually deployed in hostile and unattended environments and hence are susceptible to various attacks, including node capture, physical tampering, and manipulation of the sensor program. Park and Shin [2005] proposed a soft tamper-proofing scheme that verifies the integrity of the program in each sensor device, called the program integrity verification (PIV), in which sensors authenticate PIV servers (PIVSs) using centralized and trusted third-party entities, such as authentication servers (ASs). This article presents a distributed authentication protocol of PIVSs (DAPP) without requiring the commonly used ASs. DAPP uses the Blundo scheme [Blundo et al. 1992] for sensors and PIVSs to establish pairwise keys and for PIVSs to authenticate one another. We also present a protocol for PIVSs to cooperatively detect and revoke malicious PIVSs in the network. We implement and evaluate both DAPP and PIV on Mica2 Motes and laptops, showing that DAPP reduces the sensors' communication traffic in the network by more than 90% and the energy consumption on each sensor by up to 85%, as compared to the case of using a centralized AS for authenticating PIVSs. We also analyze the security of DAPP under various attack models, demonstrating its capability in dealing with diverse types of attacks.