Constrained Function Based En-Route Filtering for Sensor Networks

TL;DR

This paper introduces a novel constrained function-based en-route filtering scheme for sensor networks, enhancing security against false data injection and DoS attacks by using a new hash function supporting filtering directly.

Contribution

It proposes a new CFA scheme that directly supports en-route filtering, differing from existing methods that rely on complex security associations.

Findings

The CFA scheme effectively supports en-route filtering.

The CFAEF scheme demonstrates improved efficiency and security.

The approach is validated through theoretical and numerical analysis.

Abstract

Sensor networks are vulnerable to \emph{false data injection attack} and \emph{path-based DoS} (PDoS) attack. While conventional authentication schemes are insufficient for solving these security conflicts, an \emph{en-route filtering} scheme acts as a defense against these two attacks. To construct an efficient en-route filtering scheme, this paper first presents a Constrained Function based message Authentication (CFA) scheme, which can be thought of as a hash function directly supporting the en-route filtering functionality. Together with the \emph{redundancy property} of sensor networks, which means that an event can be simultaneously observed by multiple sensor nodes, the devised CFA scheme is used to construct a CFA-based en-route filtering (CFAEF) scheme. In contrast to most of the existing methods, which rely on complicated security associations among sensor nodes, our design, which directly exploits an en-route filtering hash function, appears to be novel. We examine the CFA and CFAEF schemes from both the theoretical and numerical aspects to demonstrate their efficiency and effectiveness.