Containing Bogus Packet Insertion Attacks for Broadcast Authentication in Sensor Networks

Broadcast is a critical communication primitive in wireless sensor networks. The multihop nature of sensor networks makes it necessary for sensor nodes to forward broadcast messages so that the messages can reach an entire network. Authentication of broadcast messages is an important but challenging problem in sensor networks. Public key cryptography (PKC) has been used recently to address this problem. However, PKC-based authentication techniques are susceptible to bogus packet insertion attacks in which attackers keep broadcasting bogus messages and force resource-constrained sensor nodes to forward such messages. Moreover, because it takes time to do signature verifications, it is impractical for each node to authenticate every received message before forwarding it. In this article, we propose a dynamic window scheme to thwart the aforementioned bogus packet insertion attacks which permits sensor nodes to efficiently broadcast messages. Within this scheme, a sensor node has the ability to determine whether or not to verify an incoming message before forwarding the message. We further study the property of this dynamic window scheme and investigate the best strategy for thwarting bogus packet insertion attacks. We propose three strategies for finding the optimal parameters by an improved additive increase multiplicative decrease (AIMD) window updating function so that the proposed dynamic window scheme can achieve the best overall performance with respect to the authentication and forwarding times of messages. Numerical validations show that our proposed scheme performs very well in terms of energy saving and broadcast delays based on three different metrics, including average authentication delays, the percentage of nodes receiving fake messages, and the percentage of nodes forwarding fake messages.