This Article 
 Bibliographic References 
 Add to: 
Soft Tamper-Proofing via Program Integrity Verification in Wireless Sensor Networks
May/June 2005 (vol. 4 no. 3)
pp. 297-309
Small low-cost sensor devices, each equipped with limited resources, are networked and used for various critical applications, especially those related to homeland security. Making such a sensor network secure is challenging mainly because it usually has to operate in a harsh, sometimes hostile, and unattended environment, where it is subject to capture, reverse-engineering, and manipulation. To address this challenge, we present a Program-Integrity Verification (PIV) protocol that verifies the integrity of the program residing in each sensor device whenever the device joins the network or has experienced a long service blockage. The heart of PIV is the novel randomized hash function tailored to low-cost CPUs, by which the algorithm for hash computation on the program can be randomly generated whenever the program needs to be verified. By realizing this randomized hash function, the PIV protocol 1) prevents manipulation/reverse-engineering/reprogramming of sensors unless the attacker modifies the sensor hardware (e.g., attaching more memory), 2) provides purely software-based protection, and 3) triggers the verification infrequently, thus incurring minimal intrusiveness into normal sensor functions. Our performance evaluation shows that the PIV protocol is computationally efficient and incurs only a small communication overhead, hence making it ideal for use in low-cost sensor networks.

[1] R. Anderson and M. Kuhn, “Tamper Resistance— A Cautionary Note,” Proc. Second USENIX Workshop Electronic Commerce, 1996.
[2] D.W. Carman, P.S. Kruus, and B.J. Matt, “Constraints and Approaches for Distributed Sensor Network Security,” NAI Labs Technical Report #00-010, Sept. 2000.
[3] R. Anderson, “Why Cryptosystems Fail,” Comm. ACM, vol. 37, no. 11, Nov. 1994.
[4] S. Blythe, B. Fraboni, S. Lall, H. Ahmed, and U. Riu, “Layout Reconstruction of Complex Silicon Chips,” IEEE J. Solid-State Circuits, vol. 28, no. 2, Feb. 1993.
[5] C. Collberg, C. Thomborson, and D. Low, “Breaking Abstractions and Unstructuring Data Structures,” Proc. IEEE Int'l Conf. Computer Languages (ICCL '98), May 1998.
[6] C. Wang, J. Hill, J. Knight, and J. Davidson, “Software Tamper Resistance: Obstructing Static Analysis of Programs,” technical report, Dept. of Computer Science, Univ. of Virginia, 2000.
[7] C. Wang, J. Hill, J. Knight, and J. Davidson, “Protection of Software-Based Survivability Mechanisms,” Proc. Int'l Conf. Dependable Systems and Networks, July 2001.
[8] G. Wroblewski, “General Method of Program Code Obfuscation,” Proc. Int'l Conf. Software Eng. Research and Practice (SERP), June 2002.
[9] M. Blum and S. Kannan, “Designing Programs that Check Their Work,” J. ACM, vol. 42, no. 1, 1995.
[10] H. Wasserman and M. Blum, “Software Reliability via Run-Time Result-Checking,” J. ACM, vol. 44, no. 6, 1997.
[11] F. Ergun, S. Kannan, S.R. Kumar, R. Rubinfeld, and M. Vishwanathan, “Spot-Checkers,” Proc. ACM Symp. Theory of Computing (STOC '98), May 1998.
[12] D. Aucsmith, “Tamper Resistant Software: An Implementation,” Information Hiding, pp. 317-333, Springer-Verlag, 1996.
[13] C.S. Collberg and C. Thomborson, “Watermarking, Tamper-Proofing, and Obfuscation— Tools for Software Protection,” IEEE Trans. Software Eng., vol. 28, no. 8, Aug. 2002.
[14] B. Horne, L. Matheson, C. Sheehan, and R.E. Tarjan, “Dynamic Self-Checking Techniques for Improved Tamper Resistance,” Proc. First ACM Workshop Digital Rights Management (DRM), pp. 141-159, 2002.
[15] H. Chang and M.J. Atallah, “Protecting Software Code by Guards,” Proc. Second ACM Workshop Digital Rights Management (DRM), pp. 160-175, 2002.
[16] B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan, and K. Yang, “On the (Im)possibility of Obfuscating Programs,” Proc. 21st Ann. IACR Crypto Conf., 2001.
[17] Crossbow Co., “MICA, MICA2 Motes & Sensors,” http:/, 2005.
[18] R.C. Merkle, “A Digital Signature Based on Conventional Encryption Function,” Advances in Cryptology— Proc. Crypto '87, 1987.
[19] R.C. Merkle, “A Certified Digital Signature,” Advances in Cryptology— Proc. Crypto '89, 1989.
[20] S. Even, O. Goldreich, and S. Micali, “On-Line/Off-Line Digital Signatures,” Advances in Cryptology— Proc. Crypto '89, 1989.
[21] G. Poupard and J. Stern, “On the Fly Signatures Based on Factoring,” Proc. ACM Conf. Computer and Comm. Security (CCS 1999), Nov. 1999.
[22] M. Brown, D. Cheung, D. Hankerson, J.L. Hernandez, M Kirkup, and A. Menezes, “PGP in Constrained Wireless Devices,” Proc. Ninth USENIX Security Symp., Aug. 2000.
[23] H. Krawczyk, M. Bellare, and R. Canetti, “HMAC: Keyed-Hashing for Message Authentication,” RFC2104, Feb. 1997.
[24] P. Rogaway, “OCB Mode: Parallelizable Authenticated Encryption,”, 2005.
[25] J.P. Hespanha, H.J. Kim, and S. Sastry, “Multiple-Agent Probabilistic Pursuit-Evasion Games,” Proc. 38th Conf. Decision and Control, Dec. 1999.
[26] R. Vidal, O. Shakernia, H.J. Kim, H. Shim, and S. Sastry, “Probabilistic Pursuit-Evasion Games: Theory, Implementation and Experimental Evaluation,” IEEE Trans. Robotics and Automation, 2002.
[27] G.L. Duckworth, D.C. Gilbert, and J.E. Barger, “Acoustic Counter-Sniper System,” Proc. SPIE Int'l Symp. Enabling Technologies for Law Enforcement and Security, 1996.
[28] A. Mainwaring, J. Polastre, R. Szewczyk, D. Culler, and J. Anderson, “Wireless Sensor Networks for Habitat Monitoring,” Proc. ACM Int'l Workshop Wireless Sensor Networks and Applications (WSNA), Sept. 2002.
[29] S. Madden, R. Szewczyk, M.J. Franklin, and D. Culler, “Supporting Aggregate Queries over Ad-Hoc Wireless Sensor Networks,” Proc. Fourth IEEE Workshop Mobile Computing Systems and Applications (WMCSA), 2002.
[30] F. Ye, H. Luo, J. Cheng, S. Lu, and L. Zhang, “A Two-Tier Data Dissemination Model for Large-Scale Wireless Sensor Networks,” Proc. IEEE/ACM MobiCom 2002, 2002.
[31] D.G. Abraham, G.M. Dolan, G.P. Double, and J.V. Stevens, “Transaction Security System,” IBM Systems J., vol. 30, no. 2, pp. 206-229, 1991.
[32] S. Kumar and E.H. Spafford, “A Software Architecture to Support Misuse Intrusion Detection,” Proc. 18th Nat'l Information Security Conf., 1995.
[33] K. Ilgun, R.A. Kemmerer, and P.A. Porras, “State Transition Analysis: A Rule-Based Intrusion Detection Approach,” IEEE Trans. Software Eng., vol. 21, no. 3, pp. 181-199, 1995.
[34] T. Bass, “Intrusion Detection Systems and Multisensor Data Fusion,” Comm. ACM, Apr. 2000.
[35] Y. Zhang and W. Lee, “Intrusion Detection in Wireless Ad Hoc Networks,” Proc. IEEE/ACM MobiCom 2000, 2000.
[36] R. Zhang, D. Qian, C. Ba, W. Wu, and X. Guo, “Multi-Agent Based Intrusion Detection Architecture,” Proc. Int'l Conf. Computer Networks and Mobile Computing, 2001.
[37] N. Courtois, L. Goubin, and J. Patarin, “Quartz, 128-bit Long Digital Signatures,” Proc. Cryptographers' Track of the RSA '2001, 2001.
[38] N. Courtois, L. Goubin, and J. Patarin, “Flash, A Fast Multivariate Signature Algorithm,” Proc. Cryptographers' Track of the RSA 2001, 2001.
[39] N. Courtois, L. Goubin, and J. Patarin, “SFLASH, A Fast Asymmetric Signature Scheme for Low-Cost Smartcards,” http://www.minrank.orgsflash-b.pdf, 2004.
[40] T. Moh, “A Public Key System with Signature and Master Key Functions,” Comm. Algebra, vol. 27, no. 5, 1999.
[41] U.G. Wilhelm, S. Staamann, and L. Buttyan, “Introducing Trusted Third Parties to the Mobile Agent Paradigm,” Secure Internet Programming: Security Issues for Mobile and Distributed Objects, LNCS 1603, Springer-Verlag, 1999.
[42] G. Vigna, “Cryptographic Traces for Mobile Agents,” Mobile Agents and Security, 1998.
[43] F. Hohl, “Time Limited Blackbox Security: Protecting Mobile Agents from Malicious Hosts,” Mobile Agents and Security, 1998.
[44] T. Sander and C. Tschudin, “Towards Mobile Cryptography,” Proc. IEEE Symp. Research in Security and Privacy, 1998.
[45] P. Kotzanikolaou, M. Burmester, and V. Chrissikopoulos, “Secure Transactions with Mobile Agents in Hostile Environments,” Proc. Australasian Conf. Information Security and Privacy, 2000.
[46] R. Kennell and L.H. Jamieson, “Establishing the Genuinity of Remote Computer Systems,” Proc. 12th USENIX Security Symp., Aug. 2003.
[47] A. Seshadri, A. Perrig, L. Doorn, and P. Khosla, “SWATT: SoftWare-Based ATTestation for Embedded Devices,” Proc. IEEE Symp. Security and Privacy, May 2004.
[48] T. Park and K.G. Shin, “LiSP: A Lightweight Security Protocol for Wireless Sensor Networks,” ACM Trans. Embedded Computing Systems, vol. 3, no. 3, Aug. 2004.

Index Terms:
Tamper-proofing, program-integrity verification, a randomized hash function, sensor networks.
Taejoon Park, Kang G. Shin, "Soft Tamper-Proofing via Program Integrity Verification in Wireless Sensor Networks," IEEE Transactions on Mobile Computing, vol. 4, no. 3, pp. 297-309, May-June 2005, doi:10.1109/TMC.2005.44
Usage of this product signifies your acceptance of the Terms of Use.