TY - JOUR
T1 - Least privilege and privilege deprivation
T2 - Toward tolerating mobile sink compromises in wireless sensor networks
AU - Song, Hui
AU - Zhu, Sencun
AU - Zhang, Wensheng
AU - Cao, Guohong
PY - 2008/8/1
Y1 - 2008/8/1
N2 - Mobile sinks are needed in many sensor network applications for efficient data collection, data querying, localized sensor reprogramming, identifying, and revoking compromised sensors, and other network maintenance. Employing mobile sinks however raises a new security challenge: if a mobile sink is given too many privileges, it will become very attractive for attack and compromise. Using a compromised mobile sink, an adversary may easily bring down or even take over the sensor network. Thus, security mechanisms that can tolerate mobile sink compromises are essential. In this article, based on the principle of least privilege, we first propose an efficient scheme to restrict the privilege of a mobile sink without impeding its ability to carry out any authorized operations for an assigned task. In addition, we present an extension to allow conditional trajectory change due to unexpected events. To further reduce the possible damage caused by a compromised mobile sink, we propose efficient message forwarding schemes for deleting the privilege assigned to a compromised mobile sink immediately after its compromise has been detected. Through detailed analysis, simulation, and real implementation, we show that our schemes are secure and efficient, and are highly practical for sensor networks consisting of the current generation of sensors.
AB - Mobile sinks are needed in many sensor network applications for efficient data collection, data querying, localized sensor reprogramming, identifying, and revoking compromised sensors, and other network maintenance. Employing mobile sinks however raises a new security challenge: if a mobile sink is given too many privileges, it will become very attractive for attack and compromise. Using a compromised mobile sink, an adversary may easily bring down or even take over the sensor network. Thus, security mechanisms that can tolerate mobile sink compromises are essential. In this article, based on the principle of least privilege, we first propose an efficient scheme to restrict the privilege of a mobile sink without impeding its ability to carry out any authorized operations for an assigned task. In addition, we present an extension to allow conditional trajectory change due to unexpected events. To further reduce the possible damage caused by a compromised mobile sink, we propose efficient message forwarding schemes for deleting the privilege assigned to a compromised mobile sink immediately after its compromise has been detected. Through detailed analysis, simulation, and real implementation, we show that our schemes are secure and efficient, and are highly practical for sensor networks consisting of the current generation of sensors.
UR - http://www.scopus.com/inward/record.url?scp=51849099823&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=51849099823&partnerID=8YFLogxK
U2 - 10.1145/1387663.1387669
DO - 10.1145/1387663.1387669
M3 - Article
AN - SCOPUS:51849099823
SN - 1550-4859
VL - 4
JO - ACM Transactions on Sensor Networks
JF - ACM Transactions on Sensor Networks
IS - 4
M1 - 23
ER -