摘要:In wireless sensor networks, the attackers can easily inject false data reports from compromising nodes. Previous approaches to filtering false data reports, notably statistical en-route filtering, usually share keys among the nodes in low probabilities, and rely on the forwarding nodes to verify the correctness of the MACs (Message Authentication Codes) carried in each report. Although the results of the notably approach are conspicuous, there still exists several drawbacks. Firstly, compromised nodes from different regions can collaboratively forge false reports such that forwarding nodes cannot detect and filter for not binding the key to their geographical coordinate. Secondly, false reports have to travel several hops before being detected and filtered. In this paper, we propose a Double key-Sharing based false data Filtering scheme (DSF) to cope with those problems. In DSF, nodes are grouped into clusters after deployment, and a blocked region is formed through pair-wise keys closer to the source node. When an event occurs, a legitimate report must carry two types of MACs. In addition, we bind the symmetric keys with the clusters by pre-distributing the key indexes of in-cluster nodes to forwarding nodes. In filtering phase, each forwarding node has to validate not only the correctness of the MACs carried in the report, but also the legitimacy of related locations of all detecting nodes. Moreover, the tail of the data reports can be dropped just outside the blocked region. Extensive analyses and simulations demonstrate that DSF can detect and filter out false reports forged by multiple compromised nodes from different geographical regions, and also outperforms existing schemes in terms of filtering efficiency and energy consumption.
关键词:wireless sensor network;double key-sharing;false data filtering;message authentication code