Wireless sensor networks provide economical and viable solutions to many monitoring problems. The practical
deployment of sensor networks, however, introduces problems that traditional networks do not face. One such
problem is the <i>node compromise attack</i>, in which intruders physically capture sensor nodes and harm the network
by injecting false data. False data injection attacks may deceive the base station and deplete the limited energy
resources of relaying sensor nodes. Standard authentication schemes cannot prevent these attacks if there exists
more than one compromised node in the network. This paper proposes a collaborative data authentication
protocol that detects false data injection attacks. In the proposed protocol, false data injected by fewer than <i>n</i>
compromised nodes are detected and eliminated by constructing consecutive Merkle Hash Trees (MHT) between
the source node and the base station where the number of leaf nodes of each MHT is <i>n</i>. The performance analysis
shows that, considering the security it provides, the proposed protocol is efficient.
Proc. SPIE. 6241, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2006
KEYWORDS: Databases, Receivers, Personal digital assistants, Data processing, Local area networks, Data communications, Information security, Computer security, Network security, Symmetric-key encryption
Over the last couple of years, people have become too reliant on Wireless LAN (WLAN) for information exchange. As wireless technology has no inherent physical protection, WLANs introduce serious new security threats to the personal information of individuals and organizations. Unfortunately, much of the growth has not been accompanied by an appropriate level of security for most corporate networks. The broadcast nature of wireless networks promotes casual eavesdropping of data traffic, with possible security threats including unauthorized use of networks and denial-of-service attacks. Therefore, as in any environment where data is transmitted over untreated media, certain safeguards must be in place and effectively managed in order to protect the data. To this end, this paper introduces a wireless link layer security protocol for WLANs that provides the users of IEEE 802.11 WLANs a security level close to that of wired networks. The proposed security protocol consists of three components: WLAN clients (STAs), WLAN Access Points (APs), and an Authentication and Accounting Server (AAS). Before an STA can access the network, the user of the STA must be authenticated to the AP. The AP must be authenticated to the STA as well, so that there is no rogue AP in the network. Finally, the communication between STAs and APs, as well as between APs and the AAS, is protected and defended from any kind of interception, modification and fabrication. We performed extensive simulations to evaluate the security and energy consumption performance of the proposed security protocol. The cryptographic primitives are selected based on their security and power consumption to make the proposed protocol a scalable and manageable solution for low-power wireless clients, such as PDAs.