5.4 Interleaved Authenticated Querying
5.4.5 Analysis of the Tree-Based Scheme
The insecurity of the first scheme presented in this chapter (see Section 5.4.3.1) was based on the fact that the sensor nodes had limited knowledge about the query dissemination in the network. Therefore, the nodes accepted the query as soon as it was authenticated by an arbitrary (t + 1)-hop neighbor of the node.
In the scheme presented in the current section, this is not the case. If the adversary compromises t + 1 nodes that lie consecutively on a path in the spanning tree, then the last node on this path will be able to disseminate the fake query in the subtree rooted at it. As in the previous case, the impact of the fake query is highly topology-dependent. In particular, it depends very much on the structure of the spanning tree rooted at the last node.
If the adversary compromised t̂ ≤ nodes, then the impact of the fake query is localized to the corresponding t̂-level subtree of the network's spanning tree.
We now consider the denial-of-service (DoS) opportunities in the tree-based scheme. Firstly, in our scheme the nodes blacklist queries that arrive with an incorrect authenticator. Thus, if the adversary sends incorrect queries with future query IDs, then the corresponding correct queries will not be processed by the affected nodes. The impact of these queries is localized, as the nodes do not forward the queries. However, this means that the whole subtree rooted at the affected node will not receive the correct query.
It is not quite clear how to defend against this attack. Most probably, the defense would require some methods that are outside of the protocol design, such as an intrusion detection system [90].
We also note that the tree-based scheme is highly susceptible to node crashes and link failures, that is, to the disturbing adversary. One failure means that the whole subtree rooted at the attacked node cannot receive the query. Appropriate countermeasures include monitoring of neighbors for link and crash failures and local repair, such as assigning a new root to the affected subtree. We are, however, unaware of any such protocols that work in the presence of node captures.
5.4.5.2 Performance
As mentioned above, messages sent in the tree-based scheme are considerably smaller than messages in the basic scheme. Shorter messages are favourable because they consume less energy. Nevertheless, each node has to send several messages in this scheme, more specifically one for each of its children. An increasing number of messages causes extra communication overhead.
In order to compare the tree scheme with the basic scheme, one has to estimate the number of MACs in each message. The number of MACs in each message is exactly the number of nodes in a (t+1)-layered subtree of the network's spanning tree. Unfortunately, the average number of (t + 1)-hop neighbors and the average degree of the spanning tree cannot be converted into each other in a straightforward manner. The following paragraphs first describe how one can achieve a rough approximation of the number of MACs in the authenticator and then illustrate this result using a concrete example.
Approximation. According to our algorithm, the network is organized as a shortest-path spanning tree rooted at the base station. We assume that each subtree rooted at the children of the base station is a tree where each node has d children. Actually, such a tree does not exist in most cases, thus d should be considered as an approximation. For example, in Figure 5.10 the children of the base station have 12 children, and these have 18 children in the next layer. Thus, each node has on average $d = \frac{1}{2}\left(\frac{12}{6} + \frac{18}{12}\right) = 1.75$ children.
Figure 5.10: Example of a spanning tree for the diamond grid.
To generalize the above reasoning, consider a network of diameter 2r (in hops) organized in the diamond structure such as in Figure 5.10 with the base station in the center. Then there are 6i nodes in the ith level of the spanning tree which starts at the base station. The depth of the spanning tree is r.
We compute the average number of a node's children in the spanning tree as follows:
$$d = \frac{1}{r-1} \sum_{i=1}^{r-1} \frac{6(i+1)}{6i} = 1 + \frac{1}{r-1} \sum_{i=1}^{r-1} \frac{1}{i} \tag{5.2}$$
The average degree of the spanning tree goes to 1 with the growth of the network diameter. This can actually be shown for any network with uniformly distributed nodes.
We now consider how many MACs are included in the authenticator of the tree-based scheme. The incoming message for each node contains a MAC computed by its (t + 1)-hop predecessor, or by the base station, and MACs for all nodes in the t-layer subtree rooted at the considered node.
The number of these MACs can therefore be computed as
$$\sum_{i=0}^{t} d^{i} = \frac{d^{t+1} - 1}{d - 1}. \tag{5.3}$$
Finally, the number of bytes in the authenticator can be computed as
$$\mathrm{auth}_{\mathrm{tree}} = |qid|_{\mathrm{byte}} + |mac|_{\mathrm{byte}} \cdot \frac{d^{t+1} - 1}{d - 1}. \tag{5.4}$$
Example. We now compute the authenticator size for the tree scheme using the same set of parameters as in Section 5.4.3.2, where we considered the performance of the basic scheme. We consider a network organized as a diamond grid similar to the grid in Figure 5.6, with the base station in the middle and a diameter of 20 hops. The other parameters remain as in Section 5.4.3.2:
$t = 2$
$|qid|_{\mathrm{byte}} = 2$
$|mac|_{\mathrm{byte}} = 4$
This means that the distance between any node and the base station is at most 10 hops. Then according to Formula 5.2 d = 1.3 and the number of MACs in the authenticator is 4 on average according to Formula 5.3.
An authenticator message in the tree-based scheme does not contain any node IDs, but just the query ID and the above number of MACs. Then an authenticator contains approximately the following number of bytes:
$$\mathrm{auth}_{\mathrm{tree}} = |qid|_{\mathrm{byte}} + |mac|_{\mathrm{byte}} \cdot 4 = 16$$
Thus, in the tree-based scheme the size of the authentication information in this example is 16 bytes instead of 224 bytes in the basic scheme.
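The approximation and the example above can be reproduced numerically. The following is an added example, not code from the original text: it assumes the diamond grid can be modelled as a triangular lattice with six neighbours per node, measures the level sizes by breadth-first search from the base station, and then evaluates Formulas 5.2 to 5.4; all function names are hypothetical.

```python
from collections import deque

# Assumption: the "diamond grid" is modelled as a triangular lattice in axial
# coordinates, where every node has six neighbours (gives 6*i nodes at hop i).
NEIGHBOURS = [(1, 0), (1, -1), (0, -1), (-1, 0), (-1, 1), (0, 1)]

def level_sizes(r):
    """BFS from the base station at (0, 0); return node counts for hops 1..r."""
    depth = {(0, 0): 0}
    queue = deque([(0, 0)])
    while queue:
        q, s = queue.popleft()
        if depth[(q, s)] == r:
            continue  # do not grow the network beyond radius r
        for dq, ds in NEIGHBOURS:
            nxt = (q + dq, s + ds)
            if nxt not in depth:
                depth[nxt] = depth[(q, s)] + 1
                queue.append(nxt)
    sizes = [0] * (r + 1)
    for hops in depth.values():
        sizes[hops] += 1
    return sizes[1:]

def avg_children(r):
    """Formula 5.2: mean ratio between consecutive level sizes (needs r >= 2)."""
    if r < 2:
        raise ValueError("the spanning tree needs at least two levels")
    n = level_sizes(r)
    return sum(n[i + 1] / n[i] for i in range(r - 1)) / (r - 1)

def macs_per_message(d, t):
    """Formula 5.3: nodes in a (t+1)-layered subtree with branching factor d."""
    return sum(d ** i for i in range(t + 1))

def auth_bytes(qid_len, mac_len, n_macs):
    """Formula 5.4 with the MAC count rounded to a whole number."""
    return qid_len + mac_len * round(n_macs)

if __name__ == "__main__":
    # r = 3 is the Figure 5.10 case, r = 10 the 20-hop-diameter example.
    for r in (3, 10, 50, 200):
        d = avg_children(r)
        m = macs_per_message(d, t=2)
        print(f"r={r:3d}  d={d:.3f}  MACs={m:.2f}  bytes={auth_bytes(2, 4, m)}")
```

For r = 10 and t = 2 the script gives d ≈ 1.31 and about 4 MACs, and the larger radii show d approaching 1 as the network grows. Evaluating Formula 5.4 with a 2-byte query ID and four 4-byte MACs gives 2 + 4·4 = 18 bytes.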
Actually, when using the interleaved hop-by-hop authentication to flood a network, the tree-based scheme is the most efficient approach. The following section argues why this scheme cannot be further improved.