Subscribe
Issue No.08 - Aug. (2012 vol.23)
pp: 1427-1438
Rui Zhang , Arizona State University, Tempe
Yanchao Zhang , Arizona State University, Tempe
Kui Ren , Illinois Institute of Technology, Chicago
ABSTRACT
The owner and users of a sensor network may be different, which necessitates privacy-preserving access control. On the one hand, the network owner need enforce strict access control so that the sensed data are only accessible to users willing to pay. On the other hand, users wish to protect their respective data access patterns whose disclosure may be used against their interests. This paper presents {\rm DP}^2{\rm{AC}}, a Distributed Privacy-Preserving Access Control scheme for sensor networks, which is the first work of its kind. Users in {\rm DP}^2{\rm{AC}} purchase tokens from the network owner whereby to query data from sensor nodes which will reply only after validating the tokens. The use of blind signatures in token generation ensures that tokens are publicly verifiable yet unlinkable to user identities, so privacy-preserving access control is achieved. A central component in {\rm DP}^2{\rm{AC}} is to prevent malicious users from reusing tokens, for which we propose a suite of distributed token reuse detection (DTRD) schemes without involving the base station. These schemes share the essential idea that a sensor node checks with some other nodes (called witnesses) whether a token has been used, but they differ in how the witnesses are chosen. We thoroughly compare their performance with regard to TRD capability, communication overhead, storage overhead, and attack resilience. The efficacy and efficiency of {\rm DP}^2{\rm{AC}} are confirmed by detailed performance evaluations.
INDEX TERMS
Wireless sensor networks, access control, privacy, security.
CITATION
Rui Zhang, Yanchao Zhang, Kui Ren, "Distributed Privacy-Preserving Access Control in Sensor Networks", IEEE Transactions on Parallel & Distributed Systems, vol.23, no. 8, pp. 1427-1438, Aug. 2012, doi:10.1109/TPDS.2011.299
REFERENCES
 [1] R. Zhang, Y. Zhang, and K. Ren, "${\rm DP}^2$ AC: Distributed Privacy-Preserving Access Control in Sensor Networks," Proc. IEEE INFOCOM '09, Apr. 2009. [2] P. Desnoyers, D. Ganesan, and P. Shenoy, "TSAR: A Two Tier Sensor Storage Architecture Using Interval Skip Graphs," Proc. Third Int'l Conf. Embedded Network Sensor Systems (SenSys '05), pp. 39-50, Nov. 2005. [3] B. Carbunar, Y. Yu, L. Shi, M. Pearce, and V. Vasudevan, "Query Privacy in Wireless Sensor Networks," Proc. IEEE Ann. Comm. Soc. Conf. Sensor, Mesh and Ad Hoc Comm. and Networks (SECON '07), pp. 203-212, June 2007. [4] B. Sheng, Q. Li, and W. Mao, "Data Storage Placement in Sensor Networks," Proc. ACM MobiHoc '06, pp. 344-355, May 2006. [5] W. Zhang, H. Song, S. Zhu, and G. Cao, "Least Privilege and Privilege Deprivation: Towards Tolerating Mobile Sink Compromises in Wireless Sensor Networks," Proc. ACM MobiHoc '05, pp. 378-389, May 2005. [6] H. Wang and Q. Li, "Distributed User Access Control in Sensor Networks," Proc. IEEE Second Int'l Conf. Distributed Computing in Sensor Systems (DCOSS '06), pp. 305-320, June 2006. [7] D. Liu, "Efficient and Distributed Access Control in Sensor Networks," Proc. IEEE Third Int'l Conf. Distributed Computing in Sensor Systems (DCOSS '07), June 2007. [8] K. Ren, W. Lou, and Y. Zhang, "Multi-User Broadcast Authentication in Wireless Sensor Networks," Proc. IEEE Ann. Comm. Soc. Conf. Sensor, Mesh and Ad Hoc Comm. and Networks (SECON '07), pp. 223-232, June 2007. [9] M. Shao, S. Zhu, W. Zhang, and G. Cao, "pDCS: Security and Privacy Support for Data-Centric Sensor Networks," Proc. IEEE INFOCOM '07, pp. 1298-1306, May 2007. [10] Y. Zhou, Y. Zhang, and Y. Fang, "Access Control in Wireless Sensor Networks," Ad Hoc Networks, Special Issue on Security in Ad Hoc and Sensor Networks, vol. 5, no. 1, pp. 3-13, Jan. 2007. [11] ORION, http://www.joiscience.org/ocean_observing advisors, 2012. [12] NOPP, http:/www.nopp.org/, 2012. [13] IOOS, http:/www.ocean.us/, 2010. [14] K. Ren, W. Lou, K. Kim, and R. Deng, "A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments," IEEE Trans. Vehicular Technology, vol. 55, no. 4, pp. 1373-1384, July 2006. [15] D. Chaum, "Blind Signatures for Untraceable Payments," Proc. Advances in Cryptology (Crypto '82), pp. 199-203, 1982. [16] I. Osipkov, E.Y. Vasserman, N. Hopper, and Y. Kim, "Combating Double-Spending Using Cooperative P2P System," Proc. 27th Int'l Conf. Distributed Computing Systems (ICDCS '07), June 2007. [17] J.-H. Hoepman, "Distributed Double Spending Prevention," Proc. 15th Int'l Workshop Security Protocols, Apr. 2007. [18] L. Hu and D. Evans, "Localization for Mobile Sensor Networks," Proc. ACM MobiCom '04, pp. 45-57, Sept./Oct. 2004. [19] Y. Chen, K. Kleisouris, X. Li, W. Trappe, and R. Martin, "A Security and Robustness Performance Analysis of Localization Algorithms to Signal Strength Attacks," ACM Trans. Sensor Networks, vol. 5, no. 1, pp. 2:1-2:37, Feb. 2009. [20] D. Chaum, "Security Without Identification: Transaction Systems to Make Big Brother Obsolete," Comm. ACM, vol. 28, no. 10, pp. 1030-1044, Oct. 1985. [21] D. Boneh, "Twenty Years of Attacks on the RSA Cryptosystem," Notices of the Am. Math. Soc. (AMS), vol. 46, pp. 203-213, 1999. [22] A. Perrig, R. Szewczyk, J. Tygar, V. Wen, and D. Culler, "SPINS: Security Protocols for Sensor Networks," ACM Wireless Networks, vol. 8, no. 5, pp. 521-234, Sept. 2002. [23] H. Wang and Q. Li, "Efficient Implementation of Public Key Cryptosystems on Mote Sensors (Short Paper)," Proc. Eighth Int'l Conf. Information and Comm. Security (ICICS '06), vol. 4307, pp. 519-528, 2006. [24] C. Livadas and N. Lynch, "A Reliable Broadcast Scheme for Sensor Networks," Technical Report MIT-LCS-TR-915, MIT CSAIL, 2003. [25] P. Bose, P. Morin, I. Stojmenović, and J. Urrutia, "Routing with Guaranteed Delivery in Ad Hoc Wireless Networks," Proc. Third Int'l Workshop Discrete Algorithms and Methods for Mobile Computing and Comm. (DIALM '99), pp. 48-55, Aug. 1999. [26] P. Bose, P. Morin, I. Stojmenović, and J. Urrutia, "Routing with Guaranteed Delivery in Ad Hoc Wireless Networks," Wireless Networks, vol. 7, no. 6, pp. 609-616, Nov. 2001. [27] R. Sarkar, X. Zhu, and J. Gao, "Double Rulings for Information Brokerage in Sensor Networks," Proc. ACM MobiCom '06, pp. 286-297, Sept. 2006. [28] I. Stojmenović, D. Liu, and X. Jia, "A Scalable Quorum-Based Location Service in Ad Hoc and Sensor Networks," Int'l J. Comm. Networks and Distributed Systems, vol. 1, no. 1, pp. 71-94, Feb. 2008. [29] B. Nath and D. Niculescu, "Routing on a Curve," ACM SIGCOMM Computer Comm. Rev., vol. 33, no. 1, pp. 155-160, 2003. [30] P. Ning, A. Liu, and W. Du, "Mitigating Dos Attacks Against Broadcast Authentication in Wireless Sensor Networks," ACM Trans. Sensor Networks, vol. 4, no. 1, pp. 1-31, Jan. 2008. [31] B. Bloom, "Space/Time Trade-Offs in Hash Coding with Allowable Errors," Comm. ACM, vol. 13, no. 7, pp. 422-426, July 1970. [32] P. Gupta and P.R. Kumar, Stochastic Analysis, Control, Optimization and Applications: A Volume in Honor of W.H. Fleming, ch. Critical Power for Asymptotic Connectivity in Wireless Networks, Birkhauser, 1998. [33] L.E. Miller, "Distribution of Link Distances in A Wireless Network," J. Research of the Nat'l Inst. of Standards and Technology, vol. 106, pp. 401-412, 2001. [34] B. Parno, A. Perrig, and V. Gligor, "Distributed Detection of Node Replication Attacks in Sensor Networks," Proc. IEEE Symp. Security and Privacy (SP '05), pp. 49-63, May 2005. [35] B. Zhu, V.G.K. Addada, S. Setia, S. Jajodia, and S. Roy, "Efficient Distributed Detection of Node Replication Attacks in Sensor Networks," Proc. 23rd Ann. Computer Security Applications Conf. (ACSAC '07), pp. 257-267, Dec. 2007. [36] M. Conti, R.D. Pietro, L.V. Mancini, and A. Mei, "A Randomized, Efficient, and Distributed Protocol for the Detection of Node Replication Attacks in Wireless Sensor Networks," Proc. ACM MobiHoc '07, pp. 80-89, Sept. 2007. [37] W. He, X. Liu, H. Nguyen, K. Nahrstedt, and T.F. Abdelzaher, "PDA: Privacy-Preserving Data Aggregation in Wireless Sensor Networks," Proc. IEEE INFOCOM '07, pp. 2045-2053, May 2007. [38] W. He, H. Nguyen, X. Liu, K. Nahrstedt, and T. Abdelzaher, "iPDA: An Integrity-Protecting Private Data Aggregation Scheme for Wireless Sensor Networks," Proc. MilCom '08, pp. 1-7, Nov. 2008.