A Multi-user DoS-containment Broadcast Authentication Scheme for Wireless Sensor Networks

Broadcast authentication is an essential service in wireless sensor networks. There are two general approaches for broadcast authentication in wireless sensor networks: digital signatures and mu TESLA-based techniques. Digital signature is based on Public Key Cryptography (PKC). With the advance of technology, PKC will sooner or later be widely used in wireless sensor networks. However, signature-based broadcast authentication is vulnerable to Denial of Services (DoS) attacks: An attacker can inject bogus broadcast packets to force sensor nodes to perform expensive signature verifications, thus exhausts their limited battery power and delays their response to authentic broadcast messages. This paper presents a multi-user, signature-based broadcast authentication scheme with the capability of containing such DoS attack. We address multi-user supporting problem with Bloom Filter. We propose RRAS (Reputation-based Randomized Authentication Scheme) to contain the DoS attack. RRAS employs reputation management and risk management to decide whether to authenticate a message or not. Extensive evaluations in glomosim demonstrate that RRAS can effectively confine the DoS attack to a small range of the network. The communication, computation and storage overhead are minimized and affordable for sensor nodes.