Abstract

Wireless sensor networks have recently emerged as a promising computing model for many civilian and military applications. Sensor nodes in such a network are subject to various forms of attack because they are left unattended after deployment. Compromised nodes can, for example, tamper with legitimate reports or inject false reports, either to distract the user from reaching the right decision or to deplete the precious energy of relay nodes. Most current designs take the in-network detection approach: misbehaving nodes are detected by their neighboring watchdog nodes, false reports are detected and dropped by trusted en-route relay nodes, and so on. However, in-network designs are insufficient to defend against collaborative attacks, in which many compromised nodes in the network collude with each other.
In this paper we propose COOL, a COmpromised nOde Locator for detecting and locating compromised nodes once they misbehave in the network. It is based on the observation that, for a well-behaved sensor node, the set of outgoing messages should be equal to the set of incoming and locally generated or dropped messages. However, comparing the message sets for different nodes is not enough to identify attacks, as their sanity is unknown. We exploit a proven collision-resilient hashing scheme, termed incremental hashing, to sign the incoming, outgoing and locally generated/dropped message sets. The hash values are then sent to the sink for trusted comparisons. We discuss how to securely collect these hash values and then confidently locate compromised nodes. The scheme can also be combined with existing en-route false report filtering schemes to achieve both early dropping of false reports and accurate isolation of compromised nodes. By identifying and excluding compromised nodes, the COOL protocol prevents further damage from these nodes and forms a reliable and energy-conserving sensor network.
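The message-conservation check described above can be sketched as follows. This is an added example, not code from the paper: the additive SHA-256 set hash is a toy stand-in for the incremental hashing scheme, whose construction the abstract does not give, and the report field names, node ids and sample reports are all hypothetical.

```python
import hashlib

MOD = 2 ** 256  # digest group size for the toy additive hash (assumption)

def add(digest, msg):
    """Fold one message into a running digest; order of arrival does not matter."""
    return (digest + int.from_bytes(hashlib.sha256(msg).digest(), "big")) % MOD

def set_hash(msgs):
    digest = 0
    for m in msgs:
        digest = add(digest, m)
    return digest

def report(incoming, generated, dropped, outgoing):
    """The four digests a node sends to the sink (field names are hypothetical)."""
    return {"in": set_hash(incoming), "gen": set_hash(generated),
            "drop": set_hash(dropped), "out": set_hash(outgoing)}

def sink_check(path, reports):
    """path lists node ids from source towards the sink.
    Returns (nodes whose own digests break conservation, links whose two ends disagree)."""
    bad_nodes = [n for n in path
                 if (reports[n]["in"] + reports[n]["gen"] - reports[n]["drop"]) % MOD
                 != reports[n]["out"]]
    bad_links = [(a, b) for a, b in zip(path, path[1:])
                 if reports[a]["out"] != reports[b]["in"]]
    return bad_nodes, bad_links

# Constructed sample traffic on a path A -> B -> C -> sink.
PATH = ["A", "B", "C"]
R = [b"r1:temp=21", b"r2:temp=22", b"r3:temp=23"]
FORGED = [R[0], b"r2:temp=99", R[2], b"r4:fake"]  # B tampers with r2 and injects r4

def honest():
    return {"A": report([], R, [], R), "B": report(R, [], [], R),
            "C": report(R, [], [R[2]], R[:2])}

def tampering_b():
    # B forwards forged traffic but reports its digests truthfully.
    return {"A": report([], R, [], R), "B": report(R, [], [], FORGED),
            "C": report(FORGED, [], [], FORGED)}

def lying_b():
    # B also lies about its outgoing digest to pass its own conservation check.
    return {"A": report([], R, [], R), "B": report(R, [], [], R),
            "C": report(FORGED, [], [], FORGED)}
```

In this sketch a link mismatch only names its two endpoints as suspects; how COOL secures digest collection and narrows the suspects down is not described in the abstract.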