Sensor networks, security, broadcast authentication, DoS attacks, wireless communication
Broadcast authentication is a critical security service in wireless sensor networks. There are two general approaches for broadcast authentication in wireless sensor networks: digital signatures and µTESLA-based techniques. However, both signature-based and µTESLA-based broadcast authentication are vulnerable to Denial of Services (DoS) attacks: An attacker can inject bogus broadcast packets to force sensor nodes to perform expensive signature verifications (in case of signature-based broadcast authentication) or packet forwarding (in case of µTESLA-based broadcast authentication), thus exhausting their limited battery power. This paper presents an efficient mechanism called message specific puzzle to mitigate such DoS attacks. In addition to signature-based or µTESLA-based broadcast authentication, this approach adds a weak authenticator in each broadcast packet, which can be efficiently verified by a regular sensor node, but takes a computationally powerful attacker a substantial amount of time to forge. Upon receiving a broadcast packet, each sensor node first verifies the weak authenticator, and performs the expensive signature verification (in signature-based broadcast authentication) or packet forwarding (in µTESLA-based broadcast authentication) only when the weak authenticator is valid. A weak authenticator cannot be pre-computed without a non-reusable (or short-lived) key disclosed only in a valid packet. Even if an attacker has intensive computational resources to forge one or more weak authentication mechanism substantially increases the difficultly of launching successful DoS attacks against signature-based or µTESLA-based broadcast authentication. A limitation of this approach is that it requires a powerful sender and introduces sender-side delay. This paper also reports an implementation of the proposed techniques on TinyOS, as well as initial experimental evaluation in a network of MICAz motes.
Ning, Peng; Liu, An; and Du, Wenliang, "Mitigating DoS attacks against broadcast authentication in wireless sensor networks" (2008). Electrical Engineering and Computer Science. 105.