Secure and efficient dynamic program update in wireless sensor networks

Dynamic program update protocols provide a convenient way to reprogram sensor nodes after deployment. However, designing a secure program update protocol for wireless sensor networks is a difficult task because wireless networks are susceptible to attacks and nodes have limited resources. Recently, two secure program update protocols using orthogonality principle have been found to be vulnerable to two impersonation attacks, although these attacks are rather restrictive. This paper reports one new attack that is more general and makes the program update protocols even more vulnerable. With this attack, an attacker can easily impersonate the base station to install his/her preferred program on sensor nodes and then obtain control over the network. As a remedy, two simple countermeasures are suggested to defend against all these attacks. Finally, the security properties of the two proposed solutions are formally validated by a model checking tool. Copyright (C) 2011 John Wiley & Sons, Ltd.