Sense-Response Applications

Sensor networks are widely being used for sense-response applications. The role of the sensor nodes in such applications is to monitor an area for events of interest and report the occurrence of the event to the base-station. The receipt of the event at the base-station is followed by a prompt physical response. An example of a sense-response application is the detection of fires in a forest. The sensor nodes report the occurrence of a fire upon which fire trucks are immediately dispatched to the location of the fire. Other examples of sense-response applications are intruder detection and apprehension, natural disaster monitoring, structural integrity monitoring, bio/chemical spill monitoring and containment etc.

Sensor nodes in sense-response applications are deployed with overlapping sensing regions to avoid holes in the coverage area. Thus an event is detected by more than one sensor node in the neighborhood of its occurrence. The base-station exploits this redundancy by responding to only those in the network. This is mainly done in order to avoid any false positives in the event generation process, i.e., an event is reported though it never occurred. However, this requires every sensor node to transmit a message to the base-station for every event that is detected, which expends a lot of energy. An alternative (that is often used in practice) is to have all the sensor nodes in the neighborhood of an event reach a consensus and have only one of the nodes transmit an event detection message to the base-station that implicitly contains the testimony of every node that detected the event. Sensor networks are often deployed in public and untrustworthy places. In some cases, they are also deployed in hostile areas.

The wireless medium of communication in sensor networks prevents any form of access control mechanism at the physical layer. The adversary can very easily introduce spurious messages in the network containing a false event report. This leads to energy wastage of the nodes in the network and also wastage of resources due to the physical response initiated by the base station in response to the false event report. A simple solution to thwart such attacks is to use a system wide secret key coupled with explicit authentication mechanisms. However, this solution fails to protect against internal attacks where the adversary has compromised a subset of sensor nodes.

Sensor nodes are designed to be cheap and cannot be equipped with expensive tamper-proof hardware. This coupled with the unmanned operation of the network leaves the nodes at the mercy of an adversary who can potentially steal some nodes, recover their cryptographic material, and pose them as authorized nodes in the network. We hereby refer to such nodes as internal adversaries. Internal adversaries are capable of launching more sophisticated attacks, where by posing to be real authenticated nodes, they can also suppress the generation of a message for any real event that is detected. This effectively renders the entire system to be useless.