2005 IEEE Symposium on Security and Privacy (S&P'05) (2005)
May 8, 2005 to May 11, 2005
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.2005.7
Jonathan M. McCune, Carnegie Mellon University
Elaine Shi, Carnegie Mellon University
Adrian Perrig, Carnegie Mellon University
Michael K. Reiter, Carnegie Mellon University
So far, sensor network broadcast protocols assume a trustworthy environment. However, in safety and mission-critical sensor networks this assumption may not be valid and some sensor nodes might be adversarial. In these environments, malicious sensor nodes can deprive other nodes from receiving a broadcast message. We call this attack a Denial-of-Message Attack (DoM). In this paper, we model and analyze this attack, and present countermeasures.

We present SIS, a Secure Implicit Sampling scheme that permits a broadcasting base station to probabilistically detect the failure of nodes to receive its broadcast, even if these failures result from an attacker motivated to induce these failures undetectably. SIS works by eliciting authenticated acknowledgments from a subset of nodes per broadcast, where the subset is unpredictable to the attacker and tunable so as to mitigate acknowledgment implosion on the base station. We use a game-theoretic approach to evaluate this scheme in the face of an optimal attacker that attempts to maximize the number of nodes it denies the broadcast while remaining undetected by the base station, and show that SIS significantly constrains such an attacker even in sensor networks exhibiting high intrinsic loss rates. We also discuss extensions that permit more targeted detection capabilities.
J. M. McCune, A. Perrig, M. K. Reiter and E. Shi, "Detection of Denial-of-Message Attacks on Sensor Network Broadcasts," 2005 IEEE Symposium on Security and Privacy (S&P'05)(SP), Oakland, California, 2005, pp. 64-78.