Resource-Efficient Multi-Source Authentication Utilizing Split-Join One-Way Key Chain

Transcription

1 Resource-Effcent Mult-Source Authentcaton Utlzng Splt-Jon One-Way ey Chan Seonho Cho, un Sun, Hyeonsang Eom 3 Department of Computer Scence, Bowe State Unversty, Bowe, Maryland, U.S.A. Center for Secure Informaton Systems, George Mason Unversty, Farfax, Vrgna, U.S.A. 3 School of Computer Scence and Engneerng, Seoul Natonal Unversty, Seoul, orea Abstract In wreless ad hoc networks, most of the authentcaton protocols assume a sngle source of trust. However, n the presence of multple trust sources (called source group n ths paper), t becomes dffcult to desgn resource (or energy) effcent authentcaton protocols, especally for multcast/broadcast servces, utlzng multple trust sources at the same tme. Some tradtonal authentcaton approaches may be extended and used for ths purpose. However, the communcaton overhead, e.g,, may ncrease sgnfcantly n proporton to the number of trust sources. In ths paper, we propose a new scheme named as Multsource Authentcaton wth Splt-Jon One-Way ey Chan (SOC). In ths new technque, the communcaton overhead s small and constant, and the memory requrement at the verfer node s also mnmal. The source group node needs to store n keys where n represents the key chan length, whch may be a reasonable requrement consderng that the trust sources usually have more resources compared to other regular node(s) n the network (e.g., base statons n wreless sensor networks). eywords authentcaton, securty, protocol, wreless ad hoc networks Introducton In wreless ad hoc networks, most of the authentcaton protocols assume a sngle source of trust. For example, n a wreless sensor network (WSN), t s typcally assumed there s one trustworthy base staton and t s the only source of the trust. However, n the presence of multple trust sources (called source group n ths paper), t becomes dffcult to desgn resource (or energy) effcent authentcaton protocols utlzng multple trust sources at the same tme. Some tradtonal authentcaton approaches may be extended and used for ths purpose. However, the communcaton overhead, e.g,, may ncrease sgnfcantly proportonal to the number of trust sources. In ths paper, we propose a new scheme named as Mult-source Authentcaton wth Splt-Jon One-Way ey Chan (SOC). In ths new technque, the communcaton overhead s small and constant, and the memory requrement at the verfer node s also small. The source node needs to store n keys where n represents the key chan length, whch may be a reasonable requrement consderng that the trust sources usually have more resources compared to other regular node(s) n the network (e.g., as n sensor network). Our technque utlzes a delayed key dsclosure mechansm as n TESLA and utesla approaches [8,9], and also extended the one-way key chan technque to acheve the goals of mnmal communcaton overhead and mnmal storage requrements at the verfer nodes. Our SOC scheme may be appled to both uncast and multcast/broadcast authentcaton servces. But, the applcaton of our scheme would be smpler for uncast cases, and for most of the cases broadcast authentcaton servces are more mportant snce conveyng the nformaton from the trustworthy source to other nodes may be more crtcal compared to the communcaton between non-trustworthy nodes. For example, several routng protocols were proposed based on perodc broadcastng (e.g., floodng) of routng (or beacon) messages. These nclude TnyOS beaconng [6], drected dffuson and ts mult-path varants [0], etc. Also, several locaton dscovery schemes have been proposed whch utlze broadcastng capabltes to estmate node locatons [8]. Even though more advanced broadcast technques may be utlzed n the network, smple floodng may be preferred or requred due to the smplcty or nstablty of network connectons. Our proposed approach may be appled n both cases. Hence, we wll focus on developng and applyng the SOC scheme for the multcast/broadcast servces. Ths SOC scheme may be appled for varous authentcaton problems. However, to show ts applcablty we chose two authentcaton problems. For example, n wreless ad hoc networks, some attacks explot the fact that t s hard to authentcate the actual path (or number of hops) data packets traversed - especally the attacks aganst the broadcast servces. Snkhole and wormhole attacks belong to ths attack category [6]. Wth the mult-source authentcaton capabltes, each node would be able to detect and cope wth such attacks. A new path authentcaton technque may be developed by utlzng our Mult-source SOC scheme. For example, the source group keys may be duplcated and randomly dstrbuted across the network, so that the verfer nodes may be able check whether a packet has really passed through a certan number of source group nodes along the routng path from the clamed orgnaton pont. The SOC scheme may also be appled to WSNs wth multple base statons. It s typcally assumed that a WSN has

2 only one base staton. However, there may exst several drawbacks. Degraded relablty may be a problem due to a sngle pont of falure. The latency may be an ssue f the number of hops n the delvery paths may become large, whch may cause the reduced lfetme of the sensor nodes and, thus, the entre sensor network. The deployment of multple base statons were proposed to overcome these lmtatons [,,]. However, n the presence of multple base statons, t would be more dffcult to provde robust authentcaton servces snce t would be requred to tolerate compromse of multple base statons as well as sensor nodes. If we assume that the base statons can communcate wth each other drectly usng a separate channel, then our SOC based approach may be used n provdng mult-source broadcast authentcaton servces. It s also assumed that all the base statons need to partcpate n authentcatng the broadcast messages to provde ncreased securty levels. If we consder the mportance of the broadcast messages n WSNs, ths would be a vald assumpton. Related Works Several securty mechansms for authentcaton and secure routng protocols n wreless ad-hoc network are based on publc key cryptography ([5], [4]). However, untl now, the publc key cryptography s stll too expensve for the resource constraned moble nodes. Secure routng protocols based on symmetrc key cryptography have been proposed (e.g., [3], [4]). SEAD [3] s a dstance vector routng protocol based on DSDV. The basc dea s to use one-way hash chans to authentcate the metrcs and the sequence number of a routng table. The destnaton node can authentcate the source node; however, t cannot authentcate the ntermedate nodes along the path from the source node to the destnaton node. Aradne [4] uses per-hop hashng technque and source routng technques to prevent route msbehavors. However, t requres a precse tme synchronzaton among all the nodes, whch s usually dffcult to be acheved n the moble networks. Moreover, the communcaton overhead may ncrease sgnfcantly when ncludng all the dentfes and correspondng MACs for all the nodes along the path. Authentcatng broadcast (or multcast) traffc n wreless ad hoc networks s also a hard problem snce the tradtonal approaches lke dgtal sgnatures may not be adequate due to the heavy resource requrements. TESLA and μtesla approaches [7,9] were proposed as vable solutons to the authentcaton problem n such networks. μtesla utlzes the delayed key dsclosure and one-way key chan technques. Frst the packet s broadcast wth a calculated keyed Message Authentcaton Codes attached along wth the orgnal data porton, and only after suffcent tme s elapsed for all the nodes n the network to receve t, the correspondng key wll be dsclosed to the network nodes for authentcaton of the prevously sent data and MAC. TESLA and μtesla requres loose tme synchronzaton among the network nodes. Researchers have proposed several mechansms to prevent the false data necton attacks. Przydatek, Song, and Perrg propose SIA [], a secure nformaton aggregaton scheme for sensor networks that addresses the ssue of false data necton usng statstcal technques and nteractve proofs, ensurng that the aggregated result reported by the aggregaton node s a good approxmaton to the true value, even f a small number of sensor nodes and the aggregaton node may have been compromsed. SIA focuses on the accuracy of query results reported from the base staton, whereas our scheme focuses on the authentcty of the reports from sensor nodes and provdes a means to flter out any nected false data as early as possble. Both schemes can be combned to make the network more robust to false data necton attacks. SEF [3] s a statstcal en-route flterng mechansm to detect and drop false reports durng the forwardng process. Authentcatng event reports requres that nodes share certan securty nformaton, however, attackers can obtan such nformaton by compromsng a sngle node. To prevent any sngle compromsed node from breakng down the entre system, SEF carefully lmts the amount of securty nformaton assgned to each node, and reles on the collectve decsons of multple sensors for false report detecton. Frst, SEF dvdes a global key pool nto multple parttons and carefully assgns a certan number of keys from one partton to ndvdual node. Gven that any sngle node knows only a lmted amount of the system secret, compromsng one or a small number of nodes cannot dsable the overall network from detectng bogus reports. Second, by assumng that the same event can be detected by multple sensors, n SEF each of the detectng sensors generates a keyed message authentcaton code (MAC) and multple MAC are attached to the event report. As the report s forwarded, each node along the way verfes the correctness of the MAC s probablstcally and drops those wth nvald MACs. Fnally, the snk verfes the correctness of each MAC and elmnates remanng false reports that elude en-route flterng. Comparng to statstcal soluton provded by SEF, our soluton can provde a more resource-effcent path authentcaton, and t cannot handle the broadcast authentcaton. Zhu et al [5] present an nterleaved hop-by-hop authentcaton scheme for addressng the false data necton attack launched by the compromsed nodes. The scheme guarantees that the base staton wll detect any nected false data packets when no more than a certan number t nodes are compromsed. To defend aganst false data necton attacks, at least t + sensor nodes have to agree upon a report before t s sent to the base staton. t s a securty threshold based on the securty requrements of the applcaton under consderaton and the network node densty. Further, t provdes an upper bound for the number of hops that a false data packet could be forwarded before t s detected and dropped, gven that there are up to t colludng compromsed nodes. In other words, t also attempts to flter out false data packets nected nto the network by compromsed nodes before they reach the base staton, thus savng the energy for relayng them. [5] s the

3 most smlar work to our proposed scheme, but ther approach cannot handle the broadcast authentcaton. Our soluton approach utlzes a new SOC technque along wth the delayed key dsclosure to acheve a much smaller communcaton overhead. ey s Message Fgure. µtesla technque [7,9] s shown wth a key dsclosure delay of d=3 block perods. Note that keys are dsclosed later whle the message and MAC portons are dsclose n the correspondng block. 3 Methodology 3. Assumptons Block B -3 Block B - Block B - Block B Block B M-3 3 M- -3 s dsclosed wth a delay of d block perods M- M M+ MAC- MAC- MAC- Recever-sde Buffer up to B Packet P s We refer to the mnmum number of hops necessary for a packet to reach from any node located at one extreme edge of the network to another node located at the opposte extreme, as the dameter of the ad hoc network. Packets may be lost or corrupted n transmsson on the network. A node recevng a corrupted packet can detect the error and dscard the packet. Nodes wthn the ad hoc network may move at any tme wthout notce, and may even move contnuously, but we assume that the speed wth whch nodes move s moderate wth respect to the packet transmsson latency and wreless transmsson range of the partcular underlyng network hardware n use. We assume that nodes may be able to enable promscuous receve mode on ther wreless network nterface hardware, causng the hardware to delver every receved packet to the network drver software wthout flterng based on lnk-layer destnaton address. Even though ths feature s not requred, by utlzng ths feature, the performance of our scheme may be enhanced especally when the moblty level s hgh n the network. The local clocks of the nodes are assumed to be (at least) loosely synchronzed wth a maxmum tme synchronzaton error Δ. Varous tme synchronzaton technques were proposed for wreless ad hoc networks, and any of them may be utlzed to acheve ths requrement. Smlar assumptons MA MA M -3 eyed MAC wth Tm e were made n the broadcast authentcaton schemes such as TESLA, µtesla, etc. [7,9]. Also, the tme lne s assumed to be dvded nto block perods as n TESLA and µtesla approaches [7,9]. In each block perod one packet may be sent out for broadcastng by any vald broadcast orgnator (whch may be determned by the applcaton). Delayed key dsclosure mechansm s adapted and ncorporated n our scheme. Each broadcast packet contans the message, the authentcaton-related nformaton, and the key nformaton that s dsclosed for the prevously sent out message. The key dsclosure delay s denoted as d block perods. These can be seen n Fgure. We assume that there s one source and one or more recpents that are nvolved n each sesson (one or more data packets are delvered n each sesson). That s, our authentcaton approach may be used for both uncast and multcast/broadcast communcatons. However, we wll focus on developng protocols for broadcast servces as mentoned before. The packets are transmtted along a mult-hop delvery path to the recever(s). The delvery path wll be determned by a routng protocol used n the network. Many routng protocols were proposed for wreless ad hoc networks, and any of them wth reasonable route change rates (due to moblty) may be utlzed n the network. Fnally, t s assumed that the number of dfferent source group keys n one source group (whch s denoted as m) s an odd number. 3. Overvew of the Protocol The protocol carres out the followng three processes to provde the mult-source authentcaton. In ths scheme t s assumed that the number of source group keys, m, s an odd number.. Offlne SOC generaton (Fgure ): SOC s generated offlne by utlzng the source seed (Z 0 ), source keys (a ), oneway hash operaton, and the btwse EXOR operaton. Source nodes wth a secret source key a wll be equpped wth a chan of keys that are obtaned from the ntermedate keys, Y ( n-), by applyng the EXOR operaton wth a. The keys generated n ths process are denoted as SOC,..., }. { n The ntermedate keys that are generated n ths process are named as Y and Z, whch wll be explan n more detal n a later secton.. Sem-encrypted key pre-dstrbuton (Fgure 3): when the orgnal sender node (ths may be one of the source group nodes or may not be one of them) has some message to send, t wll frst send a packet that has the followng feld: random nonce R of k bts - ths would be used to prevent the dsclosure of the next key (Y ) n the SOC that s needed for the next round of valdaton.

4 M stands for the message n the -th packet. Ths value wll be stored n the verfer nodes for later authentcaton purposes. Verfers may store the other feld values such as the actual message (M ) dependng upon the scheme). 3. delayed key dsclosure wth verfcaton (Fgure 3): After the key dsclosure delay (d block perods), the orgnal sender of R wll start the key dsclosure process by ncludng the followng felds n the packet: dsclose the actual random nonce used d block perod before (R ) - the orgnal sender wll ntalze ths feld to all 0s. key dsclosure feld for accommodatng the SOC keys from the m source group nodes (they wll be EXORed and ths feld requres only k bts) Fgure. SOC generaton: the entre key chan s generated offlne and only the keys n the sold rectangles are stored n the nodes. The keys,, are stored n the -th source node(s). Y n s bootstrapped n each verfer node. The ntermedate keys and even the secret source keys, a, are not stored n any node n the network. Once ths feld s flled wth a random number generated by the orgnal source and the packet s sent out, the frst source group node from a (ths may be the same as the orgnal sender node) wll apply EXOR operaton wth ths random number to (ts next key n the SOC ts Message), and forward the packet to the next node n the delvery path. The next source group nodes wth dfferent source keys wll carry out the same process: get the value from ths feld and apply EXOR operaton to t. But, ths process s done only once for each source key a, m. In other words, f there are multple source group nodes wth the same source key n the delvery path, only the frst one wll carry out ths process. When the packet fnshed traversng all the source group nodes wth m dfferent source keys, then the verfer nodes n the remanng path wll have the followng value n the packet feld: R a a a Y M 3 Each group source nodes wll apply EXOR operaton between the next key n SOC and the value from the key dsclosure feld mentoned above, and store back the result nto the key dsclosure feld agan. After the packet traverses all of the m source group nodes wth dfferent source keys, the packet wll contan the followng value n ts key dsclosure feld: a a a3 Y Z Once the packet reaches a verfer node, and f the packet s clamed to have traversed m dfferent source group nodes, then the verfer node wll carry out a sequence of steps. Frst, t wll extract the ntermedate key, Z, from the key dsclosure feld, and checks whether ths ntermedate key s really from the authentc SOC by applyng the one-way hash operaton and comparng the result to the already stored Y +. If they don't match, then the key dsclosure packet s dscarded, and the already stored message M wll not be authentcated. If they match, then the verfer extracts the ntermedate key, Y, by multplyng a a a to Z 3, and stores t as Y as a newly dsclosed authentc SOC key to be used n the next round of authentcaton. Then, the verfer wll check the followng condton to compare to the already stored Φ. R a a a Y M 3 If the equalty holds, then the prevously (n TESLA) stored R and M are valdated. 3.3 Basc Scheme Notatons The followng are defned for our authentcaton process: Source group: a group of nodes equpped wth SOCs generated from m dfferent source keys, a where m, are dstrbuted among N src number of source nodes (m N src ). It s assumed that m s an odd number n ths scheme. The source nodes may or may not be located n close proxmty, and some source

5 nodes may have the same source key f m<n src. The source key sze s denoted as k bts. Verfer group: N vrf nodes (e.g., multcast group members or all the nodes n the broadcast case) are equpped wth a verfcaton nformaton for authentcatng a packet's traversng of at least m source nodes wth dfferent a n the routng path. That s, a verfer node has the ablty to verfy that the packet passed through all the source group nodes wth m dfferent source keys. The followng are the nformaton kept n the source group node and the verfer group node: Source node from a keeps the followng tems: o Splt-Jon One-way ey Chan from a : SOC { n,..., } o publc source key sum a a a a m o cryptographc one-way hash functon Verfer node keeps the followng tems: o publc source key sum a a o last key, Y n, n the SOC o cryptographc one-way hash functon a SOC generaton wth m source keys, a, m (Fgure ): Ths process s assumed to be carred out offlne before the network launch tme. The possble ssues that may arse n developng onlne SOC generaton wll be addressed n the proposed research secton later. For the offlne case, the detaled algorthm s shown n Fgure and the detaled steps are lsted as follows:. Apply a cryptographc hash functon to Z 0 to generate Y whch s also k-bt long. a. That s, Y = H(Z 0 ).. Calculate a key n the chan by applyng the EXOR operaton wth a secret source key a, a Y. 3. Calculate Z = a Y ( m Y. a a a ) 4. Apply a cryptographc hash functon to Z to generate Y. That s Y = H(Z ). 5. Calculate the second key a. Y m n the chan, 6. Calculate Z = a Y ( m Y. a a a ) 7. Repeat steps 4 through 6 untl key n s obtaned. The one-way key chan at the source s now obtaned as SOC,..., }. The keys n ths SOC are { n bootstrapped n the source group nodes. These keys are used n reverse order startng from n. The last key Y n n the entre SOC s assumed to be bootstrapped at each verfer node. Packet Format The -th packet, <n, has the followng packet format consstng of 5 felds: () SRC ndex bts () Sem-Encrypted ey (Φ ) pre-dstrbuton k bts (3) Nonce (R -d ) dsclosure - k bts (4) SOC ey (for a Y ) dsclosure - k bts d (5) Message (M ) SRC ndex bts are used for showng whch source group nodes the packet has been traversed. For example, t ts -th bt s set to, then t means that the packet s clamng that t has already traversed a node wth the source key a, and, f ts -th bt s 0, then t means that the packet has not traversed any such node. If another source node wth the same a receves the packet whose -th SRC ndex bt s set to, then t wll forward the packet wthout modfyng any of the felds, even though t can repeat the process wthout any adverse effect but, t wll waste resource f t does. The other three felds followng the SRC ndex bts feld wll be used n the sem-encrypted key pre-dstrbuton and the delayed key dsclosure wth verfcaton processes. Note that the nonce dsclosure and SOC key dsclosure felds wll dsclose the values that were prevously used n the (-d)-th block perod. After the key dsclosure delay (.e., d block perods), another packet needs to be sent by the orgnal sender and t would contan the followng felds: () SRC ndex bts () Sem-Encrypted ey (Φ +d ) pre-dstrbuton k bts (3) Nonce (R ) dsclosure - k bts (4) SOC ey (for a Y ) dsclosure - k bts (5) Message (M ) Sem-encrypted key pre-dstrbuton at the source node wth a source key a ( m): Agan, the purpose of ths process s to let source group nodes to reveal ther SOC keys n a sem-encrypted form by applyng the EXOR operaton to the random nonce (R ) sent out by the orgnal sender of the packet. Let s assume that the a -th packet s sent out by the orgnal sender. The process s shown n Fgure 3 and the detaled steps are descrbed as follows:

6 . Orgnal sender generates a random nonce (R ) and nsert t nto the sem-encrypted key pre-dstrbuton feld n the packet before sendng t.. Each source group node from a source key, a, n the delvery path wll carry out the followng: a. f the SRC ndex bt (whose ndex value s ) s equal to, then go to step 3. b. extract the value n the sem-encrypted key predstrbuton feld (let t be denoted as x). c. extract M from the packet. d. calculate M x and store ths as a new value n the sem-encrypted key pre-dstrbuton feld of the packet. e. set the SRC ndex bt (whose ndex value s ) as. 3. Each verfer node wll perform the followng steps: a. f all of the m bts are set to n the SRC ndex bts feld, then the node wll extract the value of the sem-encrypted key pre-dstrbuton feld, and store t as Φ to be used at the future verfcaton tme (after d block perods). 4. Forward the packet f t s needed. Delayed key dsclosure and verfcaton after the key dsclosure delay (Fgure 3) Because the actual SOC keys are dsclosed after the delay (d block perods), the verfcatons of the keys and messages that were ncluded n the -th packet may be carred out when the nodes receve/process a packet n the (+d)-th block perod. So, we dsclose the -th keys from the SOCs n the (+d)-th packet, and the verfcatons wll be carred out by the verfer nodes upon the recept of the (+d)-th packet. The process s depcted n Fgure 3, and the detaled steps are descrbed as follows:. Orgnal sender dscloses the nonce (R ) by ncludng n the (+d)-th packet s nonce dsclosure feld.. Each source group node from a source key, a, n the delvery path wll carry out the followng: a. f the SRC ndex bt (whose ndex value s ) s equal to, then go to step 3. b. extract the value from the SOC key dsclosure feld (let t be denoted as y). c. calculate y and store ths as a new value nto the SOC key dsclosure feld of the packet. d. set the SRC ndex bt (whose ndex value s ) as. 3. Each verfer node wll perform the followng steps: a. f all of the m bts are set to n the SRC ndex bts feld, then the node wll perform the followng steps:. extract the value of the SOC key dsclosure feld (let t be denoted as z).. check whether H(z)=Y + a) If not, then the key valdaton for SOC fals, dscards the packet and ext from the algorthm. b) If the equalty holds, then store a am z as a vald Y for future SOC valdaton. A. calculate R z M R a a a Y M and 3 compare ths to Φ that were extracted and stored n the prevously receved -th packet.. If they are the same, then the mult-source authentcaton succeeds for M.. If they don t match, then the mult-source authentcaton fals for M. 4. Forward the packet f t s needed. Resource Requrements (Fgure 3) The resource requrements at a source group node from a are: n k bts are needed for storng the SOC keys The resource requrements at a verfer node are: k bts: for storng the SOC valdaton key Y n d k bts: for storng Φ n at most d d consecutve block perods k bts: for temporarly storng Z and a a a3 Y Z Hence, the total memory requrement at a verfer node s (d+3) k bts. The communcaton overhead at each packet (purely needed for our scheme) conssts of the followng: m bts: for SRC ndex bts 3k bts: for sem-encrypted key pre-dstrbuton feld, nonce dsclosure feld, SOC key dsclosure feld Hence, the total overhead s m+3k bts for each packet. 4 Concluson We presented a new resource-effcent mult-source authentcaton scheme wth Splt-Jon One-Way ey Chan (SOC). In ths new technque, the communcaton overhead s small and constant, and the memory requrement at the verfer node s also mnmal. Ths technque may be effectvely used for wreless ad hoc networks when there exst multple trust sources to be utlzed.

7 Fgure 3. Sem-encrypted key pre-dstrbuton and a delayed key dsclosure along wth the verfcatons at verfer nodes 5 Acknowledgement Ths work was supported n part by US Army Research Offce (ARO) grant W9NF , and n part by Seoul R&BD Program (No. JP0034). 6 References [] J. Deng, R. Han, and S. Mshra, "Enhancng Base Staton Securty n Wreless Sensor Networks", Techncal Report CU-CS-95-03, Unversty of Colorado, Aprl 003. [] S. Gandham, M. Dawande, R. Prakash, S. Venkatesan, "Energy effcent schemes for wreless sensor networks wth multple moble base statons," IEEE Globecom '03, pp , January 004. [3] Y.-C. Hu, D. B. Johnson, and A. Perrg, SEAD: Secure effcent dstance vector routng for moble wreless ad hoc networks, n Proceedngs of the 4th IEEE Workshop on Moble Computng Systems and Applcatons (WMCSA 00), June 00, pp [4] Y.-C. Hu, A. Perrg, and D. Johnson. Aradne: A secure on-demand routng protocol for ad hoc networks. Wreless Networks Journal, (), 005. [5] J. Hubaux, L. Buttyan, and S. Capkun, The quest for securty n moble ad hoc networks, n Proceedngs of the ACM Symposum on Moble Ad Hoc Networkng and Computng (MobHOC 00), 00. [6] Chrs arlof and Davd Wagner, Secure Routng n Wreless Sensor Networks: Attacks and Countermeasures, In Proceedngs of the Frst IEEE Internatonal Workshop on Sensor Network Protocols and Applcatons, May 003. [7] Donggang Lu, Peng Nng, Mult-Level u-tesla: A Broadcast Authentcaton System for Dstrbuted Sensor Networks, Submtted for ournal publcaton. Also avalable as Techncal Report, TR , North Carolna State Unversty, Department of Computer Scence, March 003. [8] S. Park, A. Bhata, and J.-H. Youn (USA). Hop-Count based Locaton Dscovery n Ad Hoc Sensor Networks. In Proceedng (44) Wreless Networks and Emergng Technologes [9] A. Perrg, R. Canett, D. Song, and D. Tygar, Effcent and secure source authentcaton for multcast. In Proceedngs of Network and Dstrbuted System Securty Symposum, 00. [0] R. d Petro, L. V. Mancn, Y. W. Law, S. Etalle and P. Havnga A drected dffuson-based secure multcast scheme for wrless sensor networks.frst Internatonal Workshop on Wreless Securty and Prvacy (WSPr'03) [] B. Przydatek, D. Song, and A. Perrg. SIA: Secure Informaton Aggregaton n Sensor Networks. In Proc. of ACM SenSys 003. [] Y. Ramamurthy, B. Xue, " A ey Management Protocol for Wreless Sensor Networks wth Multple Base Statons," Proceedngs of the IEEE Internatonal Conference on Communcatons, 008, ICC'08, pp , Beng, Chna, May 008. [3] Fan Ye, Hayun Luo, Songwu Lu, Statstcal En-Route Flterng of Inected False Data n Sensor Networks. IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 3, NO. 4, APRIL 005 [4] L. Zhou and Z. Haas, Securng ad hoc networks, IEEE Network Magazne, vol. 3, no. 6, November/December 999. [5] Sencun Zhu, Saneev Seta, and Sushl Jaoda. An Interleaved Hop-by-Hop Authentcaton Scheme for Flterng of Inected False Data n Sensor Network