| Sensor networks are envisioned to be powerful and economical solutions for both civilian and military applications, because of their capability and flexibility built on top of low-cost and small-size sensors. Meanwhile, sensor networks are also targets of all kinds of security attacks due to their extremely scarce resources and their unattended, hostile operating environment. Among all the potential attacks, insider attacks from compromised sensors are very challenging and difficult to be addressed. Compromised sensors have valid credentials, so that they can take part in the normal network operations and provide correct responses once challenged. My objective is to reduce or remove the possible damages that compromised sensors might bring to the network and further to identify and revoke those compromised sensors. In the literature, a lot of techniques have been proposed to achieve the above goal. I work on the following important issues that have not been well solved yet.;First, I propose SDAP, a secure hop-by-hop data aggregation protocol for sensor networks. Data aggregation is a very important technique in sensor networks to reduce data redundancy and communication overhead during sensor data collection. SDAP can preserve the efficiency of the ordinary hierarchical hop-by-hop data aggregation and meanwhile provide high assurance on the trustworthiness of the final aggregation result, even though multiple compromised sensors may collude to trick the base station to accept bogus data from them.;Then, I devise two distributed software-based attestation schemes to detect compromised sensor nodes, in which multiple neighbors of a suspicious node collaborate in a challenge-response process and make a joint decision regarding the trustworthiness of a suspicious sensor node in a distributed manner. The schemes only involve regular neighboring nodes and no trusted verifier or BS is included, so the attestation could be finished in a timely and distributed manner; also, they do not rely on response time difference to distinguish between a benign node and a compromised node, so the result is more accurate and reliable.;Last but not least, I target on a potentially (if not the most) severe attack from compromised sensors, which is named sensor worm attack. We not only validate the possibility for worm attack to happen in sensor networks, but also propose an effective defensive scheme based on software diversity. To the best of our knowledge, this is the first work investigating in depth on sensor worm defense. |
