Multi-node Collaborative Watermark Scheme to Filter Injected False Data in
Wireless Sensor Networks
Ye-Qing Yi
1
Yun-Ru Liu
1
Wei-Ni Zeng
2
Chuan-xian Jiang
3
1. Department of Information Science and Engineering, Hunan University of Humanities Science and Technology, Loudi 417000, China
2. Seven One Six Research Institute of China Shipbuilding Industry Corporation, Lianyungang 222000, China
3. School of Information Science and Engineering, Guilin University of Technology, Guilin 541004, China
yeqingyi@126.com
Abstract
False data injection is a well-known serious threat to
wireless sensor networks. In this attack, an adversary reports
false information to the sink and thus causes an error
decision at the upper level and energy waste in the en route
nodes. In this study, we propose a novel multi-node
collaborative watermark scheme to filter injected false data.
The scheme is based on the characteristics of clustering
collaboration in sensor networks. Watermark generation,
embedding, and extraction were completed not by a single
node, but by a fixed number of witness nodes selected within
the same cluster. This scheme can prevent the leakage of
keys caused by the use of a single node and is energy
efficient. On this basis, a false data-filtering algorithm was
developed. The algorithm can verify the correctness,
completeness, and freshness of data with the use of the
embedded watermarks. Analysis and simulation results show
that the algorithm significantly improves the probability of
filtering false data while conserving energy.
Keywords: wireless sensor network, false data filtering,
multi-node collaborative watermark
1. Introduction
Wireless sensor networks (WSNs) have been eliciting
much attention recently because of the rapid development of
communication technology
[1, 2,29,30]
. Collecting sensory data
is one of the main tasks of WSNs. However, false sensory
reports can be injected by compromised nodes and could
cause false alarms and the depletion of limited energy
resources. Detecting and eliminating false data are
challenging tasks; the difficulty lies in that if an attacker
employs the capture key to forge malicious data and then
sends these data to the neighbor nodes, these nodes would be
unable to evaluate the authenticity of the data packet
[3, 4]
.
Owing to limited energy resources, the end-to-end data
authentication mechanism utilized in traditional networks is
unsuitable for WSNs. Therefore, proper false data-filtering
schemes should be established
[5]
.
Many schemes have been proposed for false data
filtering in WSNs. Most of them are based on message
authentication codes (MACs)
[3, 6–19]
. Sensory data or
appended t-MACs are checked by the intermediate nodes
along the route to the sink. These solutions have the
following drawbacks. First, their capability to tolerate faults
is insufficient, that is, they hardly support lossy in-network
data operations (e.g., lossy compression). Second, appended
t-MACs increase the overhead transmission and thus reduce
the efficiency of the entire network; consequently, the
survival time of the network is shortened
[20]
. Third, the
MAC appended to the packet frequently causes security risks
[10]
. Furthermore, most of these algorithms experience
difficulty resisting replay attacks.
In this study, by adopting the advantages of digital
watermark technology in authentication, we developed a
false data-filtering algorithm without relying on MAC.
Compared with existing algorithms, the proposed algorithm
can better filter false data, saves more energy, has the feature
“robust yet fragile,” supports lossy in-network data
processing, resists certain noises, and is resistant to replay
attacks.
The remainder of this paper is organized as follows.
Section 2 summarizes related studies. Section 3 introduces
the multi-node collaborative watermark (MCW) algorithm
that is suitable for WSNs. Section 4 presents the proposed
false data-filtering algorithm based on MCW. Section 5
provides a theoretical analysis of the algorithm. Section 6
presents the simulation results, and Section 7 provides the
conclusions.
2. Related Work
False data filtering has been attracting increasing
attention recently. Numerous studies have adopted different
approaches to achieve false data filtering.
Ye et al. proposed a scheme called statistical en-route
filtering of injected false data or SEF
[3]
. This scheme
appends t-MAC after the data packet and allows the
intermediate nodes to authenticate the data packet by
checking the appended t-MAC at a certain probability.
However, the scheme cannot guarantee that the intermediate
nodes will filter out false data. Meanwhile, Zhu
et al.
proposed an interleaved hop-by-hop authentication scheme
[6]
that allows the intermediate nodes to filter nearly 80% of
false data in the first two steps; thus, a large amount of
energy is saved in terms of both computation and
communication. However, high-frequency MAC checking
associated with complicated peer-to-peer key management
schemes often dramatically increases the overall system
complexity. Li et al. assumed that an attacker not only injects
false data into a network but also attacks the MAC
information that is appended to the back of the data packet.
Accordingly, if the attacker tampers with the MAC
information appended to the correct data packet, the
information is then forwarded through the compromised
node. Consequently, correct data would be deleted as false
ones. To resist such an attack, they proposed the probabilistic
voting-based filtering scheme (PVFS)
[10]
based on cluster
organization, probabilistic key distribution, and the voting
mechanism. However, the scheme fails when the attacker
剩余9页未读,继续阅读
资源评论
