Protocol design, implementation and integration for the protection of sensor data confidentiality and integrity

Wireless sensor networks are data centric because in many applications, sensor nodes are required to generate data, collect data, storage data and process data queries. Meanwhile, wireless sensor networks are vulnerable to security attacks because they are deployed in unattended (often hostile) environments and do not have tamper resistant hardware. Therefore, secure and efficient data management schemes are necessary to sensor networks. In this thesis work, we study how to secure a representative type of sensor data management approach called data centric storage based (DCS) schemes, with focus on protecting data confidentiality and integrity. Considerable efforts have been made for securing DCS, however, existing work has the limitations of (i) not considering user node compromise, (ii) lack of studies on real system implementation and detailed experiments, and (iii) lack of studies on integrating security schemes to defend against multiple attacks simultaneously. To overcome these limitations, we have conducted the following research: Firstly, we have designed a new data confidentiality protocol called DKVP (data and key vulnerability protection) scheme to protect sensor data confidentiality in presence of user node compromise. Secondly, we have implemented three polynomial-based sensor data confidentiality and integrity protection schemes, namely, the adaptive polynomial-based scheme for secure data storage and query (APB), the message authentication function based schemes for data integrity (MAF), and the DKVP scheme, on top of TinyOS/Mote platform. Thirdly, we have developed a prototype system that consists of (i) integrated data confidentiality and integrity protection modules (i.e., the APB, MAF and DKVP schemes), (ii) effective and friendly interfaces to application developers to facilitate inclusion of security features into application programs, and (iii) example programs to