Adaptive and Randomized Time-based Wireless Sensor Networks Remote Attestation Against Proxy Attack

Master's === National Central University === Department of Computer Science and Information Engineering === 106 === Wireless sensor networks (WSNs) have been widely applied in medical, scientific, military, and business applications. A huge number of sensor nodes are deployed in a specific geographic area to collect environmental data for analysis purposes. However, the sensor...


Bibliographic Details
Main Authors: Cheng-Po Chien, 簡丞博
Other Authors: Sung-Ming Yen
Format: Others
Language: zh-TW
Published: 2018
Online Access: http://ndltd.ncl.edu.tw/handle/m3u63s
id ndltd-TW-106NCU05392070
record_format oai_dc
spelling ndltd-TW-106NCU05392070 2019-11-28T05:22:16Z http://ndltd.ncl.edu.tw/handle/m3u63s Adaptive and Randomized Time-based Wireless Sensor Networks Remote Attestation Against Proxy Attack 減輕代理人攻擊之具有自適應性與隨機性的基於計算時間無線感測網路遠端檢測方案 Cheng-Po Chien 簡丞博 Master's National Central University Department of Computer Science and Information Engineering 106 Sung-Ming Yen 顏嵩銘 2018 thesis 57 zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
description Master's === National Central University === Department of Computer Science and Information Engineering === 106 === Wireless sensor networks (WSNs) have been widely applied in medical, scientific, military, and business applications. A huge number of sensor nodes are deployed in a specific geographic area to collect environmental data for analysis purposes. However, the sensor nodes are often deployed in a public geographic area that allows an adversary to physically capture a sensor node. Any software vulnerability and sensitive data inside the captured node will be identified. The adversary can store malicious code in the captured node and redeploy it. The infected sensor node then spreads the malicious code; consequently, the neighboring nodes are infected as well. These infected sensor nodes can collude with each other to perform a variety of attacks, such as fake data delivery, selective packet forwarding, and denial of service (DoS). A security mechanism for detecting infected sensor nodes is therefore necessary. The time-based remote attestation scheme provides a mechanism for checking the memory integrity of sensor nodes. During remote attestation, the memory integrity of a sensor node is endorsed by evidence that the node provides. If the memory content of the sensor node has been modified, the node cannot produce the evidence. In addition, the verifier sets a threshold and measures the time the sensor node takes to produce the evidence of memory integrity, which prevents an adversary from forging evidence through additional operations. Unfortunately, the measured time is susceptible to communication delay in WSNs, which may cause normal sensor nodes to fail the attestation. Furthermore, time-based remote attestation is vulnerable to the proxy attack, in which the evidence of memory integrity is generated by a powerful device of the adversary. In this study, we propose a more adaptive time-based remote attestation scheme that counteracts the proxy attack on sensor nodes. Our scheme uses a multiple-round approach in which a whole remote attestation is divided into several rounds, and at the end of each round it is randomly determined whether the round evidence is sent to the verifier. Evidence that is not sent to the verifier is checked through the subsequent evidence, which is produced by response block chaining. The key idea of the proposed scheme is that misjudgment of normal nodes is avoided through multiple-round time measurement. Additionally, the multiple-round approach can exhaust the battery of compromised nodes, making the malicious intrusion significantly less powerful. We also propose an alternative scheme that installs lightweight hardware secure modules in the nodes before they are employed, reducing the power consumption of normal sensor nodes while maintaining the power consumption of compromised sensor nodes.