3rd International ICST Conference on Broadband Communications, Networks, and Systems

Research Article

Secure Diffusion for Wireless Sensor Networks

  • @INPROCEEDINGS{10.1109/BROADNETS.2006.4374317,
        author={Hao Yang and Starsky H.Y. Wong and Songwu Lu and Lixia Zhang},
        title={Secure Diffusion for Wireless Sensor Networks},
        proceedings={3rd International ICST Conference on Broadband Communications, Networks, and Systems},
        publisher={IEEE},
        proceedings_a={BROADNETS},
        year={2006},
        month={10},
        keywords={},
        doi={10.1109/BROADNETS.2006.4374317}
    }
    
Hao Yang1,*, Starsky H.Y. Wong2,*, Songwu Lu2,*, Lixia Zhang2,*
  • 1: IBM T.J. Watson Research Center, Hawthorne, NY 10532
  • 2: UCLA Computer Science Department, Los Angeles, CA 90095
*Contact email: haoyang@us.ibm.com, hywong1@cs.ucla.edu, slu@cs.ucla.edu, lixia@cs.ucla.edu

Abstract

Data dissemination is an indispensable protocol component for the emerging large-scale sensor networks. In this paper, we propose a secure data dissemination protocol that enhances directed diffusion to operate in the presence of compromised sensors. Our proposed solution, secure diffusion, utilizes a novel security primitive called location-binding keys, and exploits the available end-to-end feedback loop in directed diffusion. In secure diffusion, sensor nodes use pairwise neighbor keys to establish secure gradients, and the sink uses location-binding keys to authenticate the received sensing data. By differentiating authentic data from fabricated data, the sink can selectively reinforce data paths and assist intermediate nodes in local reinforcement decisions to combat compromised nodes. Our security analysis shows that, in the presence of compromised nodes, secure diffusion can ensure both high-quality delivery of authentic data and local containment of malicious traffic.