This paper presents a suite of protocols called FIRE (Forgery-resilient Intrusion detection, Recovery and Establishment of keys), for detecting and recovering compromised nodes in sensor networks. FIRE consists of two protocols: an intrusion detection and code update protocol, and a cryptographic key update protocol. In concert, the FIRE protocols enable us to design a sensor network that can always detect compromised nodes (no false negatives), and either repair them through code updates and set up new cryptographic keys, or revoke the compromised nodes from the network.

The FIRE protocols are based on ICE (Indisputable Code Execution), a mechanism providing externally verifiable code execution on off-the-shelf sensor nodes. ICE gives the following two properties: 1) the locations in memory from where the code is currently executing on a sensor node, matches memory locations being verified and 2) the memory contents being verified are correct. Together, these two properties guarantee that the code currently executing on the sensor node is correct.

The FIRE protocols represent a significant step towards designing secure sensor networks. As far as we are aware, there are no techniques for intrusion detection in adhoc and sensor networks that do make any false negative claims. Also, we do not know of any existing techniques that can automatically recover compromised sensor nodes.

We present an implementation of our FIRE protocols and ICE on current off-the-shelf sensor devices.

25 pages

Return to: SCS Technical Report Collection
School of Computer Science homepage

This page maintained by reports@cs.cmu.edu