H²BSAP: A hop-by-hop Broadcast Source Authentication Protocol for WSN to mitigate DoS attacks

Broadcast communication is a dominant communication pattern in WSN. As a major security concern, the broadcast source authentication is needed to mitigate impersonation of a broadcast source, modifications of its broadcasted data, or depletion of the limited energy of sensors caused by an attacker injecting useless broadcast traffic. Several Broadcast Source Authentication Protocols (BSAPs) were proposed in the literature. One class of them is time asymmetry-based BSAPs like ¿TESLA [1] protocol. These BSAPs operate delayed key-disclosure to secure broadcast communications, but they suffer from a kind of DoS attack, called resource-draining attack, in which an attacker floods the network with fake messages that all sensors of the network buffer and forward, then later verify, thus causing buffer overflow and batteries depletion. In this paper we propose the H²BSAP protocol, to overcome this kind of DoS attacks, by achieving a hop-by-hop authentication of broadcasted messages, thus limiting the damage of an attacker to its one-hop neighbors only, instead of the entire network.