Soft tamper-proofing via program integrity verification in wireless sensor networks

Small low-cost sensor devices, each equipped with limited resources, are networked and used for various critical applications, especially those related to homeland security. Making such a sensor network secure is challenging mainly because it usually has to operate in a harsh, sometimes hostile, and unattended environment, where it is subject to capture, reverse-engineering, and manipulation. To address this challenge, we present a program-integrity verification (PIV) protocol that verifies the integrity of the program residing in each sensor device whenever the device joins the network or has experienced a long service blockage. The heart of PIV is the novel randomized hash function tailored to low-cost CPUs, by which the algorithm for hash computation on the program can be randomly generated whenever the program needs to be verified. By realizing this randomized hash function, the PlV protocol 1) prevents manipulation/reverse-engineering/reprogramming of sensors unless the attacker modifies the sensor hardware (e.g., attaching more memory), 2) provides purely software-based protection, and 3) triggers the verification infrequently, thus incurring minimal intrusiveness into normal sensor functions. Our performance evaluation shows that the PIV protocol is computationally efficient and incurs only a small communication overhead, hence making it ideal for use in low-cost sensor networks.