Constrained Function Based En-Route Filtering for Sensor Networks

Sensor networks are vulnerable to \emph{false data injection attack} and \emph{path-based DoS} (PDoS) attack. While conventional authentication schemes are insufficient for solving these security conflicts, an \emph{en-route filtering} scheme acts as a defense against these two attacks. To construct an efficient en-route filtering scheme, this paper first presents a Constrained Function based message Authentication (CFA) scheme, which can be thought of as a hash function directly supporting the en-route filtering functionality. Together with the \emph{redundancy property} of sensor networks, which means that an event can be simultaneously observed by multiple sensor nodes, the devised CFA scheme is used to construct a CFA-based en-route filtering (CFAEF) scheme. In contrast to most of the existing methods, which rely on complicated security associations among sensor nodes, our design, which directly exploits an en-route filtering hash function, appears to be novel. We examine the CFA and CFAEF schemes from both the theoretical and numerical aspects to demonstrate their efficiency and effectiveness.