Issue No.04 - April (2011 vol.22)
pp: 673-686
Shucheng Yu, Worcester Polytechnic Institute, Worcester
Kui Ren, Illinois Institute of Technology, Chicago
Wenjing Lou, Worcester Polytechnic Institute, Worcester
ABSTRACT
Distributed sensor data storage and retrieval have gained increasing popularity in recent years for supporting various applications. While distributed architecture enjoys a more robust and fault-tolerant wireless sensor network (WSN), such architecture also poses a number of security challenges especially when applied in mission-critical applications such as battlefield and e-healthcare. First, as sensor data are stored and maintained by individual sensors and unattended sensors are easily subject to strong attacks such as physical compromise, it is significantly harder to ensure data security. Second, in many mission-critical applications, fine-grained data access control is a must as illegal access to the sensitive data may cause disastrous results and/or be prohibited by the law. Last but not least, sensor nodes usually are resource-constrained, which limits the direct adoption of expensive cryptographic primitives. To address the above challenges, we propose, in this paper, a distributed data access control scheme that is able to enforce fine-grained access control over sensor data and is resilient against strong attacks such as sensor compromise and user colluding. The proposed scheme exploits a novel cryptographic primitive called attribute-based encryption (ABE), tailors, and adapts it for WSNs with respect to both performance and security requirements. The feasibility of the scheme is demonstrated by experiments on real sensor platforms. To our best knowledge, this paper is the first to realize distributed fine-grained data access control for WSNs.
INDEX TERMS
Data access control, wireless sensor network, distributed storage, attribute-based encryption.
CITATION
Shucheng Yu, Kui Ren, Wenjing Lou, "FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks", IEEE Transactions on Parallel & Distributed Systems, vol.22, no. 4, pp. 673-686, April 2011, doi:10.1109/TPDS.2010.130