期刊名称:International Journal of Distributed Sensor Networks
印刷版ISSN:1550-1329
电子版ISSN:1550-1477
出版年度:2010
卷号:2010
DOI:10.1155/2010/793981
出版社:Hindawi Publishing Corporation
摘要:Existing end-to-end security mechanisms are vulnerable to path-based denial of service attacks (PDoS). If
checking integrity and authenticity of a message is done only at the final destination, the intermediate nodes are going
to forward bogus packets injected by an adversary many hops before they are detected. Therefore, the adversary can
easily overwhelm intermediate nodes by bogus or replayed packets. This attack exhausts the nodes along the path. In
addition, other downstream nodes that depend on the exhausted nodes as intermediate nodes will be isolated, and they
have to find alternative paths. Regarding broadcast traffic that originated from the base station, if packets were injected by
an adversary, the whole network's nodes will be exhausted. Therefore, there is a need to enable intermediate nodes
to filter out bogus packets. We adopted a link layer security scheme to enable en route intermediate nodes to filter out any bogus or replayed
packet as soon as it is injected into the network. Our scheme can handle different types of traffic. Simulation results
show that our algorithm outperforms the one-way hash chain (OHC) algorithm and that it is more scalable.
