• Journal of the Korea Society of Computer and Information
• /
• v.16 no.10
• /
• pp.121-129
• /
• 2011

In wireless sensor networks, a compromised sensor node can inject false data during data aggregation. Existing solutions of securing data aggregation require high communication cost in securing data aggregation. In this paper, we propose a monitoring-based secure data aggregation protocol that minimizes communication cost of identifying the location of false data injection attacks. The main idea is that when monitoring nodes find an injected false data, their reporting messages along with Message Authentication Codes (MACs) are summarized in a single message before sending it to the Base Station (BS). Then the BS identifies the attacking node. The simulation shows that energy consumption of the proposed protocol with short and normal concatenations of MACs are 45% and 36% lower than that of an existing protocol, respectively.

• Journal of Internet Computing and Services
• /
• v.11 no.6
• /
• pp.61-72
• /
• 2010

Spectrum scarcity problem and increasing spectrum demand for new wireless applications have embossed the importance of cognitive radio technology; the technology enables the sharing of channels among secondary (unlicensed) and primary (licensed) users on a non-interference basis after sensing the vacant channel. To enhance the accuracy of sensing, distributed spectrum sensing is proposed. However, it is necessary to provide the robustness against the compromised sensing nodes in the distributed spectrum sensing. RDSS, a fusion mechanism based on the reputation of sensing nodes and WSPRT (weighted sequential probability ratio test), was proposed. However, in RDSS, the execution number of WSPRT could increase according to the order of inputted sensing values, and the fast defense against the forged values is difficult. In this paper, we propose an enhanced fusion mechanism to input the sensing values in reputation order and exclude the sensing values with the high possibility to be compromised, using the trend of reputation variation. We evaluate our mechanism through simulation. The results show that our mechanism improves the robustness against attack with the smaller number of sensing values and more accurate detection ratio than RDSS.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.23 no.6
• /
• pp.558-564
• /
• 2013

Wireless sensor networks (WSNs) contain limited energy resources and are left in open environments. Since these sensor nodes are self-operated, attacks such as sinkhole attacks are possible as they can be compromised by an adversary. The sinkhole attack may cause to change initially constructed routing paths, and capture of significant information at the compromised node. A localized encryption and authentication protocol (LEAP) has been proposed to authenticate packets and node states by using four types of keys against the sinkhole attack. Even though this novel approach can securely transmits the packets to a base station, the packets are forwarded along the constructed paths without checking the next hop node states. In this paper, we propose the next hop node selection method to cater this problem. Our proposed method evaluates the next hop node considering three factors (i.e., remaining energy level, number of shared keys, and number of filtered false packets). When the suitability criterion for next hop node selection is satisfied against a fix threshold value, the packet is forwarded to the next hop node. We aim to enhance energy efficiency and a detour of attacked areas to be effectively selected Experimental results demonstrate validity of the proposed method with up to 6% energy saving against the sinkhole attack as compared to the LEAP.

• Journal of the Korea Society for Simulation
• /
• v.20 no.4
• /
• pp.31-40
• /
• 2011

Sensor nodes are easily exposed to malicious attackers by physical attacks. The attacker can generate various attacks using compromised nodes in a sensor network. The false report generating application layers injects the network by the compromised node. If a base station has the injected false report, a false alarm also occurs and unnecessary energy of the node is used. In order to defend the attack, a statistical en-route filtering method is proposed to filter the false report that goes to the base station as soon as possible. A path renewal method, which improves the method, is proposed to maintain a detection ability of the statistical en-route filtering method and to consume balanced energy of the node. In this paper, we proposed the secure path cycle method to consume effective energy for a path renewal. To select the secure path cycle, the base station determines through hop counts and the quantity of report transmission by an evaluation function. In addition, three methods, which are statistical en-route filter, path selection method, and path renewal method, are evaluated with our proposed method for efficient energy use. Therefore, the proposed method keeps the secure path and makes the efficiency of energy consumption high.

• Journal of the Korea Society for Simulation
• /
• v.19 no.2
• /
• pp.73-80
• /
• 2010

A wireless sensor network which is deployed in hostile environment can be easily compromised by attackers. The selective forwarding attack can jam the packet or drop a sensitive packet such as the movement of the enemy on data flow path through the compromised node. Xiao, Yu and Gao proposed the checkpoint-based multi-hop acknowledgement scheme(CHEMAS). In CHEMAS, each path node enable to be the checkpoint node according to the pre-defined probability and then can detect the area where the selective forwarding attacks is generated through the checkpoint nodes. In this scheme, the number of hops is very important because this parameter may trade off between energy conservation and detection capacity. In this paper, we used the fuzzy rule system to determine adaptive threshold value which is the number of hops for the ACK packets. In every period, the base station determines threshold value while using fuzzy logic. The energy level, the number of compromised node, and the distance to each node from base station are used to determine threshold value in fuzzy logic.

• Convergence Security Journal
• /
• v.8 no.1
• /
• pp.19-26
• /
• 2008

In wireless sensor networks, an adversary can launch the wormhole attacks, where a malicious node captures packets at one location and tunnels them to a colluding node, which retransmits them locally. The wormhole attacks are very dangerous against routing protocols since she might launch these attacks during neighbor discovery phase. A strategic placement of a wormhole can result in a significant breakdown in communication across the network. This paper presents a compromise-resilient tunneled packet filtering method for sensor networks. The proposed method can detect a tunneled message with hop count alteration by a comparison between the hop count of the message and one of the encrypted hop counts attached in the message. Since the proposed method limits the amount of security information assigned to each node, the impact of wormhole attacks using compromised nodes can be reduced.

• Journal of Information Technology Services
• /
• v.3 no.2
• /
• pp.119-127
• /
• 2004

A mobile ad hoc network(MANET) is a network where a set of mobile devices communicate among themselves using wireless transmission without the support of a fixed network infrastructure. The use of wireless links makes MANET susceptible to attack. Eavesdroppers can access secret information, violating network confidentiality, and compromised nodes can launch attack from within a network. Therefore, the security for MANET depends on using the cryptographic key, which can make the network reliable. In addition, because MANET has a lot of mobile devices, the authentication scheme utilizing only the symmetric key cryptography can not support a wide range of device authentication. Thereby, PKI based device authentication technique in the Ad Hoc network is essential and the paper will utilize the concept of PKI. Especially, this paper is focused on the key management technique of PKI technologies that can offer the advantage of the key distribution, authentication, and non-reputation, and the issuing and managing technique of certificates based on clustering using Threshold Cryptography for secure communication in MANET.

• Journal of the Korea Society for Simulation
• /
• v.20 no.3
• /
• pp.69-78
• /
• 2011

A large-scale sensor network usually operates in open and unattended environments, hence individual sensor node is vulnerable to various attacks. Therefore, malicious attackers can physically capture sensor nodes and inject false reports into the network easily through compromised nodes. These false reports are forwarded to the base station. The false report injection attack causes not only false alarms, but also the depletion of the restricted energy resources in a battery powered network. The statistical en-route filtering (SEF) mechanism was proposed to detect and drop false reports en route. In SEF, the choice of routing paths largely affect the energy consumption rate and the detecting power of the false report. To sustain the secure routing path, when and how to execute the path re-selection is greatly need by reason of the frequent network topology change and the nodes's limitations. In this paper, the regional path re-selection period determination method is proposed for efficient usage of the limited energy resource. A fuzzy logic system is exploited in order to dynamically determine the path re-selection period and compose the routing path. The simulation results show that up to 50% of the energy is saved by applying the proposed method.

• Journal of Internet Computing and Services
• /
• v.11 no.3
• /
• pp.139-148
• /
• 2010

In the sensor network security area, previous works were mainly concentrated on achieving authentication, confidentiality, integrity and availability. But the ID exposure issue is recently an increasing concern in research community. To protect the ID exposure from various attacks, the most common approach is to make use of a dynamic pseudonym rather than the real ID. However, if a node's secret key (or hash key) and the current pseudonym (such as a random number) are exposed, the attacker can easily generate the previous/next pseudonyms. In this paper, we propose a security infra-structure scheme for enabling strong anonymity of sensor nodes. Our scheme ensures that the probability being able to generate a pseudonym is very low even if a sensor node has been compromised with an attacker. Security analyses have proven that our scheme is suitable for sensor network environments in terms of preserving of forward anonymity as well as backward anonymity.