Abstract
Firewalls are an essential component in today’s networked computing systems (desktops, laptops, and servers) and provide effective protection against a variety of over-the-network security attacks. With the development of technologies such as IPv6 and 6LoWPAN that pave the way for Internet-connected embedded systems and sensor networks, these devices will soon be subject to (and need to be defended against) similar security threats. As a first step, this paper presents Aegis, a lightweight, rule-based firewall for networked embedded systems such as wireless sensor networks. Aegis is based on a semantically rich, yet simple, rule definition language. In addition, Aegis is highly efficient during operation, runs in a transparent manner from running applications, and is easy to maintain. Experimental results obtained using real sensor nodes and cycle-accurate simulations demonstrate that Aegis successfully performs gatekeeping of a sensor node’s communication traffic in a flexible manner with minimal overheads.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
TinyOS, http://www.tinyos.net
Bhatti, S., et al.: MANTIS OS: An embedded multithreaded operating system for wireless micro sensor platforms. Mobile Networks and Applications 10(4), 563–579 (2005)
Buonadonna, P., Hill, J., Culler, D.: Active message communication for tiny networked sensors. In: Proc. of INFOCOM (2001)
Chapman, D.B., Zwicky, E.D., Russell, D.: Building internet firewalls. O’Reilly & Associates, Inc., Sebastopol (1995)
Dunkels, A.: Full TCP/IP for 8 Bit Architectures. Proc. of MobiSys (May 2003)
Dunkels, A., Gronvall, B., Voigt, T.: Contiki-a lightweight and flexible operating system for tiny networked sensors. In: Proc. of the First IEEE Workshop on Embedded Networked Sensors, pp. 455–462 (2004)
Dutta, P., Hui, J., Chu, D., Culler, D.: Securing the deluge Network programming system. In: Proc. of IPSN, pp. 326–333 (2006)
Gershenfeld, N., Krikorian, R., Cohen, D.: The Internet of Things. Scientific American 291(4), 76–81 (2004)
Gouda, M.G., Liu, X.-Y.A.: Firewall design: consistency, completeness, and compactness. In: Proc. of 24th International Conference on Distributed Computing Systems, pp. 320–327 (2004)
Han, C.C., Rengaswamy, R.K., Shea, R., Kohler, E., Srivastava, M.: SOS: A dynamic operating system for sensor networks. In: MobiSys, pp. 163–176 (2005)
Hui, J.W., Culler, D.E.: IP is dead, long live IP for wireless sensor networks. In: Proc. of SenSys, pp. 15–28 (2008)
Hui, J.W., Culler, D.E.: Extending IP to low-power, wireless personal area networks. IEEE Internet Computing, 37–45 (2008)
Karlof, C., Sastry, N., Wagner, D.: TinySec: a link layer security architecture for wireless sensor networks. In: Proc. of SenSys, pp. 162–175 (2004)
Kothari, N., Nagaraja, K., Raghunathan, V., Sultan, F., Chakradhar, S.: HERMES: A Software Architecture for Visibility and Control in Wireless Sensor Network Deployments. In: IPSN, pp. 395–406 (2008)
Kumar, R., Kohler, E., Srivastava, M.: Harbor: software-based memory protection for sensor nodes. In: Proc. of IPSN, pp. 340–349 (2007)
Levis, P., Culler, D.: Mate: A Tiny Virtual Machine for Sensor Networks. In: Proc. of ASPLOS (2002)
Levis, P., Patel, N., Culler, D., Shenker, S.: Trickle: A self-regulating algorithm for code propagation and maintenance in wireless sensor networks. In: Proc. of NSDI, vol. 246 (2004)
Liu, A.X., Torng, E., Meiners, C.R.: Firewall compressor: An algorithm for minimizing firewall policies. In: INFOCOM, April 2008, pp. 176–180 (2008)
Ma, J., et al.: S_Firewall: A Firewall in Wireless Sensor Networks. In: WiCOM, September 2006, pp. 1–4 (2006)
Murthy, U., Bukhres, O., Winn, W., Vanderdez, E.: Firewalls for security in wireless networks. In: Proc. of HICSS, vol. 7, p. 672 (1998)
Perrig, A., Stankovic, J., Wagner, D.: Security in wireless sensor networks. Commun. ACM 47(6), 53–57 (2004)
Titzer, B.L., Lee, D.K., Palsberg, J.: Avrora: scalable sensor network simulation with precise timing. In: IPSN, pp. 477–482 (April 2005)
Werner-Allen, G., Swieskowski, P., Welsh, M.: Motelab: a wireless sensor network testbed. In: Proc. of IPSN, pp. 483–488 (2005)
Woo, A., Tong, T., Culler, D.: Taming the underlying challenges of reliable multihop routing in sensor networks. In: Proc. of SenSys, pp. 14–27 (2003)
Wood, A.D., Stankovic, J.A.: Denial of service in sensor networks. Computer, 54–62 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hossain, M.S., Raghunathan, V. (2010). AEGIS: A Lightweight Firewall for Wireless Sensor Networks. In: Rajaraman, R., Moscibroda, T., Dunkels, A., Scaglione, A. (eds) Distributed Computing in Sensor Systems. DCOSS 2010. Lecture Notes in Computer Science, vol 6131. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13651-1_19
Download citation
DOI: https://doi.org/10.1007/978-3-642-13651-1_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13650-4
Online ISBN: 978-3-642-13651-1
eBook Packages: Computer ScienceComputer Science (R0)