A fuzzy-based interleaved multi-hop authentication scheme in wireless sensor networks

https://doi.org/10.1016/j.jpdc.2009.01.007

Abstract

In sensor networks, a compromised node can either generate fabricated reports with false votes or inject false votes into real reports, which causes severe damage such as false alarms, energy drain and information loss. An interleaved hop-by-hop authentication (IHA) scheme addresses the former attack by detecting and filtering false reports in a deterministic and hop-by-hop fashion. Unfortunately, in IHA, all en-route nodes must join to verify reports while only a few are necessary to the authentication procedure. In this paper, we propose a fuzzy-based interleaved multi-hop authentication scheme based on IHA. In our scheme, the fuzzy logic system only selects some nodes for verification based on the network characteristics. Moreover, we apply a voting method and a hash-based key assignment mechanism to improve network security. Through performance evaluation, the proposed scheme is found to save up to 13% of the energy consumption and to provide more network protection compared to IHA.

Introduction

Wireless sensor networks (WSNs) have been used in ubiquitous computing systems in recent years. A WSN consists of multi-affection sensor nodes which comprise a data collection module, a data process and control module, a communication module, and an energy module [2], [4]. In most applications, such as military surveillance, sensor nodes are deployed in open, large-scale, or even hostile environments. Therefore they are unattended and subject to the threat of capture and security compromise [21]. Additionally, the power of the sensor nodes is limited and irreplaceable [7], [15], [19]. Hence, security and energy efficiency are the most challenging aspects in the design of WSNs.

When a node is compromised by fabricated messages or is physically attacked, attackers can achieve full control over the captured node and are then able to read its memory and influence the operation of the node software [10]. On the one hand, compromised nodes may generate false reports, which are called false negative attacks, as shown in Fig. 1(a). This leads to energy drain and false alarms. On the other hand, compromised nodes may inject false Message Authentication Codes (MACs) into real reports, which are called false positive attacks, as shown in Fig. 1(b). As a result, the report containing false MACs is detected and dropped by another upstream node, and thereby the base station (BS) loses the information in this report [13], [20].

Recently, many en-route filtering schemes have been researched and developed [11], [12], [13], [21], [22], [24]. To minimize the grave damage resulting from false negative attacks, these schemes filter false reports en-route, and the few missed reports should then be rejected at the BS [21]. In the interleaved hop-by-hop authentication (IHA) scheme [24], reports are verified and filtered by every en-route node and finally by the BS. The IHA defines a simple but effective filtering scheme based on association among nodes. Its design goal is to guarantee that the BS can detect a false report as long as no more than t nodes are compromised. Here t is a security threshold. However, there are some disadvantages with the IHA. Since all intermediate nodes are verification nodes, which consume more energy than general en-route nodes, this scheme is not very efficient in saving energy. Additionally, the IHA depends on deterministic key sharing in which each node must share its secret key with its associated nodes, thereby weakening the security of the network. Another drawback of the IHA is that it only handles false negative attacks while false positive attacks may easily occur. A probabilistic voting-based filtering scheme (PVFS) is presented to address false positive attacks [13]. In this scheme, a verification node will not immediately discard a report which carries a false MAC. Instead, only when the number of false MACs reaches a designed threshold is the report dropped.

In this paper, a fuzzy-based interleaved multi-hop authentication (FIMA) scheme is proposed as an enhancement of the IHA. In FIMA, we introduce a fuzzy logic system to limit the number of en-route verification nodes and thereby save verification energy. To determine which nodes are suitable for verification, the fuzzy rule-based system takes advantage of fuzzy characteristics such as remaining energy, distance to the BS, and the cumulative number of false MACs. In addition, a new key assignment method, in which the key of a node is calculated based on a hash function of its downstream (toward the source cluster) node's key, is presented to enhance network security and reduce key storage overhead. Moreover, FIMA also applies the voting method in PVFS to cope with false positive attacks. Accordingly, when the scheme finds a false MAC in a report, it increases the number of detected false MACs. When this number equals the predefined threshold, the scheme drops the report. Through analysis and simulation, we found that the scheme can save up to 13% of the total energy consumption compared to the IHA, while providing more network security.
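The following sketch is an added example, not code from the paper. It shows the two mechanisms just described working together: keys derived by hashing the downstream node's key, and a false-MAC counter that drops a report only at the threshold. SHA-256, HMAC-SHA256, the vote layout, the verifier set, the threshold value and all function names are assumptions made for illustration; the paper's exact key construction and fuzzy rules are not reproduced here.

```python
import hashlib
import hmac

def derive_path_keys(seed: bytes, hops: int) -> list:
    """keys[0] belongs to the node nearest the source cluster; each upstream
    node's key is the hash of its downstream neighbour's key (assumed: SHA-256)."""
    keys = [hashlib.sha256(seed).digest()]
    for _ in range(hops - 1):
        keys.append(hashlib.sha256(keys[-1]).digest())
    return keys

def vote(key: bytes, event: bytes) -> bytes:
    """One MAC ("vote") over the event; HMAC-SHA256 is an assumption."""
    return hmac.new(key, event, hashlib.sha256).digest()

def forward(event, votes, keys, verifiers, threshold):
    """Walk a report from the source side (index 0) towards the BS.
    votes maps a verifier's path index to the MAC that node checks.
    Returns (delivered, false_macs, dropped_at_index)."""
    false_macs = 0
    for i, key in enumerate(keys):
        if i not in verifiers or i not in votes:
            continue  # ordinary en-route node: forwards without verifying
        if not hmac.compare_digest(votes[i], vote(key, event)):
            false_macs += 1  # count the false MAC instead of dropping at once
            if false_macs >= threshold:
                return (False, false_macs, i)
    return (True, false_macs, None)

# Constructed sample data: a 6-hop path with verifiers as if chosen by the fuzzy system.
KEYS = derive_path_keys(b"constructed-demo-seed", 6)
VERIFIERS = {1, 3, 4}
THRESHOLD = 2  # assumed value of the predefined false-MAC threshold
EVENT = b"event:intrusion;cluster:7"

def scenarios():
    good = {i: vote(KEYS[i], EVENT) for i in VERIFIERS}
    one_bad = dict(good, **{})
    one_bad[1] = bytes(32)           # a single injected false MAC
    two_bad = dict(good)
    two_bad[3] = two_bad[4] = bytes(32)  # report carrying two false MACs
    return {
        "genuine": forward(EVENT, good, KEYS, VERIFIERS, THRESHOLD),
        "one_false_mac": forward(EVENT, one_bad, KEYS, VERIFIERS, THRESHOLD),
        "two_false_macs": forward(EVENT, two_bad, KEYS, VERIFIERS, THRESHOLD),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(name, outcome)
```

A real report with one injected false MAC still reaches the BS, while the report with two false MACs is dropped at the second verification node that detects one.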

The rest of this paper is organized as follows. Section 2 highlights the background of our scheme which includes en-route filtering schemes and related work, and an overview of the IHA. In Section 3, a problem statement is presented. Subsequently, a detailed description of the proposed scheme follows in Section 4. In Section 5, the performance evaluation of the proposed scheme through analysis and simulation is shown and discussed. Finally, Section 6 concludes the study.

Section snippets

En-route filtering schemes and related work

Several en-route filtering schemes have been proposed to address false negative attacks [11], [12], [22], [24]. The Statistical En-route Filtering (SEF) scheme was the first method proposed to address this kind of attack and introduce an en-route filtering framework [22]. It assumes that when an event occurs, several nearby nodes will detect and generate MACs attached to the event report and forward it to the BS. Along the path to the BS, each en-route node verifies the report based on its

Problem statement

Although the IHA is very efficient in filtering false reports, there are still some drawbacks:

  1. When a report is forwarded to the BS, all nodes on the path must spend energy receiving, authenticating, and transmitting it. This leads to a waste of energy since only a few nodes are actually helpful in verifying the report.

  2. The key-sharing mechanism requires sharing association keys among all lower and upper associated nodes. Thus when a node is compromised, all of these stored keys can be exposed.

  3.

System model and assumptions

We consider a large-scale static sensor network which breaks down into local clusters with one node acting as the cluster head. Within a cluster, the cluster head position rotates among the sensors to prevent draining the battery of a single sensor. Once the cluster head has enough data from its cluster nodes, it aggregates the data and transmits the compressed data to the BS. For simple implementation, we use the cluster head selection algorithm in LEACH [1], [9].

It is also assumed that sensor

Security analysis

The quantity and locations of the verification nodes are decided by the fuzzy logic system, and they are modified after any change to the network topology. Therefore, it is difficult for attackers to predict which nodes will verify reports and how to avoid being detected.

In our key assignment mechanism, only verification nodes store the association keys used for verification. In addition, these keys are shared after being processed with an irreversible hash function [17]. These features reduce

Conclusions

In this paper we developed a new en-route filtering scheme, FIMA, inspired by the original IHA. FIMA determines the number and location of verification nodes for the best energy savings and network security based on a fuzzy logic system. Simulations demonstrated that, compared to the IHA, FIMA saved up to 13% of the total energy consumption. Not only did FIMA address false negative attacks, but it also efficiently dealt with false positive attacks by applying a voting method for fabricated

Thao P. Nghiem received her B.S. degree in Mathematics and Computer Science from HCMC Natural Science University, Vietnam, in 2005. She is currently a graduate student in the School of Information and Communication Engineering, Sungkyunkwan University, Korea. Her research interests include wireless sensor networks, modeling and simulation, and artificial intelligence.

References (25)

  • K. Akkaya et al., A survey on routing protocols for wireless sensor networks, Ad-hoc networks, Science Direct 3 (2005)
  • J. Deng et al., Balanced-energy sleep scheduling scheme for high-density cluster-based sensor networks, Computer Communications, Science Direct 28 (2005)
  • I.F. Akyildiz et al., A survey on sensor networks, IEEE Communications Magazine (2002)
  • J.F. Baldwin, Fuzzy Logic (1996)
  • Crossbow network,...
  • A.A. Elsamiee, The development of AWS AND introductory to the IWS, intelligent weather system, in: TECO 2006–WMO...
  • A.C. Ferreira et al., On the security of cluster-based communication protocols for wireless sensor networks, Lecture Notes in Computer Science (2005)
  • Free Fuzzy Logic Library,...
  • W.R. Heinzelman, A. Chandrakasan, H. Balakrishnan, Energy-efficient communication protocol for wireless microsensor...
  • H. Karl et al., Protocols and Architectures for Wireless Sensor Networks (2005)
  • H.Y. Lee et al., Key inheritance-based false data filtering scheme in wireless sensor networks
  • H.Y. Lee et al., Fuzzy adaptive selection of filtering schemes for energy saving in sensor networks, IEICE Transactions on Communications (2007)

    Tae Ho Cho received a Ph.D. degree in Electrical and Computer Engineering from the University of Arizona, USA, in 1993, and B.S. and M.S. degrees in Electrical Engineering from Sungkyunkwan University, Korea, and the University of Alabama, USA, respectively. He is currently a Professor in the School of Information and Communication Engineering, Sungkyunkwan University, Korea. His research interests are in the areas of wireless sensor networks, intelligent systems, modeling and simulation, and enterprise resource planning.

    This work was supported by the Korea Research Foundation Grant funded by the Korean Government (KRF-2008-313-D00827).
