METHOD AND SYSTEM FOR RESILIENT PACKET TRACEBACK IN WIRELESS MESH AND SENSOR NETWORKS
First Claim
1. A method for packet traceback in a network, comprising:
maintaining an identity number (ID) for each node in a network;
generating a signature at each forwarding node using a secret key shared between this node and a sink;
upon receiving a packet at the sink, verifying correctness of the signatures of each packet by the sink in reverse order in which the signatures were added; and
determining signature validity in the forwarding path to determine a location of a false data injection source, and/or a colluding compromised node.
Abstract
A system and method for packet traceback in a network includes maintaining an identity number (ID) for each node in a network and generating a signature (e.g., a message authentication code (MAC)) using a secret key shared between each node on a forwarding path and a sink. Each forwarding node leaves a mark by appending its ID and a signature in the packet, either in a deterministic manner or with a probability. Upon receiving a packet at the sink, correctness of the signatures included in each packet is verified in the reverse order by which these signatures were appended. A last valid MAC is determined in the forwarding path to determine the locations of compromised nodes that collude in false data injection attacks.
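The marking and reverse-order verification described in the abstract (and restated in claims 1 and 16 below), as an added toy simulation that is not part of the patent: the node IDs, key sizes, the 8-byte truncated tag, and the chaining of each MAC over the marks already present in the packet are assumptions made for illustration.

```python
"""Toy model of per-hop MAC marking and reverse-order traceback at the sink."""
import hmac, hashlib, os, random
# Constructed topology with hypothetical node IDs: the sink shares a distinct
# secret key with each node (random here; a real deployment provisions them).
KEYS = {nid: os.urandom(16) for nid in ("A", "B", "C", "D")}

def anon_id(nid):
    """Anonymous ID derived from the real ID with the node's key (claim 16); only the sink maps it back."""
    return hmac.new(KEYS[nid], nid.encode(), hashlib.sha256).digest()[:4]

REAL_ID = {anon_id(nid): nid for nid in KEYS}  # sink-side reverse lookup

def mark_mac(key, payload, marks):
    """MAC over the payload plus every mark already in the packet, so an honest
    node's tag binds exactly the upstream marks it saw (assumed chaining)."""
    h = hmac.new(key, payload, hashlib.sha256)
    for aid, tag in marks:
        h.update(aid + tag)
    return h.digest()[:8]  # truncated tag to keep sensor packets small

def forward(path, payload, forged_by=None, frame=None, p_mark=1.0, rng=random):
    """Packet leaves path[0]; each hop marks it with probability p_mark. `forged_by`
    is a compromised injector that may prepend a bogus mark for innocent `frame`."""
    marks = []
    for nid in path:
        if nid == forged_by and frame is not None:
            marks.append((anon_id(frame), os.urandom(8)))  # forged: no key for `frame`
        if rng.random() <= p_mark:
            marks.append((anon_id(nid), mark_mac(KEYS[nid], payload, marks)))
    return marks

def traceback(payload, marks):
    """Sink side: verify marks in reverse order of appending, stop at the first failure.
    Returns (last valid real ID, first invalid ID); false data entered at or just upstream of the former."""
    last_valid, first_invalid = None, None
    for i in range(len(marks) - 1, -1, -1):
        aid, tag = marks[i]
        nid = REAL_ID.get(aid)
        expected = mark_mac(KEYS[nid], payload, marks[:i]) if nid else None
        if expected is None or not hmac.compare_digest(tag, expected):
            first_invalid = nid if nid else aid.hex()
            break
        last_valid = nid
    return last_valid, first_invalid

if __name__ == "__main__":
    data = b"temperature=21.5"  # constructed sensor reading
    print(traceback(data, forward(["A", "B", "C", "D"], data)))             # ('A', None)
    print(traceback(data, forward(["B", "C", "D"], data, "B", frame="A")))  # ('B', 'A')
```

In the second run node B injects the reading and frames A with a forged mark; because every honest downstream tag verifies and A's does not, the sink attributes the injection to B rather than A.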
22 Claims
1. A method for packet traceback in a network, comprising:
maintaining an identity number (ID) for each node in a network; generating a signature at each forwarding node using a secret key shared between this node and a sink; upon receiving a packet at the sink, verifying correctness of the signatures of each packet by the sink in reverse order in which the signatures were added; and determining signature validity in the forwarding path to determine a location of a false data injection source, and/or a colluding compromised node.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14.

15. A computer program product for packet traceback in a network comprising a computer useable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to perform the steps of:
maintaining an identity number (ID) for each node in a network; generating a signature at each forwarding node using a secret key shared between this node and a sink; upon receiving a packet at the sink, verifying correctness of the signatures of each packet by the sink in reverse order in which the signatures were added; and determining signature validity in the forwarding path to determine a false data injection source.

16. A method for packet traceback in a wireless mesh or sensor network, comprising:
maintaining a real identity number (ID) for each node in a network; computing an anonymous ID from the real ID based on a secret key known only to a current node and a sink; generating a message authentication code (MAC) using the secret key for each node in a forwarding path to mark each packet with at least two probabilities; tracing back the path to discover false data injection sources by: determining the real ID from the anonymous ID for nodes in the network; reconstructing a node route using marks present in each packet; and verifying correctness of the MAC of each packet back through each node of the forwarding path using the real ID and the secret key to determine a last valid MAC in the forwarding path.
Dependent claims: 17, 18, 19, 20, 21.

22. A computer program product for packet traceback in wireless mesh or sensor networks comprising a computer useable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to perform the steps of:
maintaining a real identity number (ID) for each node in a network; computing an anonymous ID from the real ID based on a secret key known only to a current node and a sink; generating a message authentication code (MAC) using the secret key for each node in a forwarding path to mark each packet with at least two probabilities; tracing back the path to discover false data injection sources by: determining the real ID from the anonymous ID for nodes in the network; reconstructing a node route using marks present in each packet; and verifying correctness of the MAC of each packet back through each node of the forwarding path using the real ID and the secret key to determine a last valid MAC in the forwarding path.