TY - JOUR
T1 - Distributed privacy-preserving access control in sensor networks
AU - Zhang, Rui
AU - Zhang, Yanchao
AU - Ren, Kui
N1 - Funding Information:
This work was supported in part by the US National Science Foundation under grants CNS-0716302/1122697, CNS-0844972 (CAREER), CNS-0831963, and CNS-1117811. The authors would like to thank Dr. Jie Gao and Dr. Rik Sarkar for sharing the simulation code of the Double Rulings scheme. The authors would also like to thank anonymous reviewers for their constructive comments. The preliminary version of this paper appeared in IEEE INFOCOM ’09 [1].
Funding Information:
Kui Ren (SM’11) received the bachelor’s and master’s degrees from Zhejiang University and the PhD degree from Worcester Polytechnic Institute. He is currently an assistant professor of Electrical and Computer Engineering Depart-ment at the Illinois Institute of Technology. His research expertise includes Cloud Computing & Security, Wireless Security, and Smart Grid Security. His research is supported by NSF (TC, NeTS, CSR, NeTS-Neco), DoE, AFRL, and Amazon. He is a recipient of National Science Foundation Faculty Early Career Development (CAREER) Award in 2011. He serves as an associate editor for IEEE Wireless Communications and IEEE Transactions on Smart Grid. He is a senior member of IEEE and a member of ACM.
PY - 2012
Y1 - 2012
N2 - The owner and users of a sensor network may be different, which necessitates privacy-preserving access control. On the one hand, the network owner need enforce strict access control so that the sensed data are only accessible to users willing to pay. On the other hand, users wish to protect their respective data access patterns whose disclosure may be used against their interests. This paper presents DP 2 AC, a Distributed Privacy-Preserving Access Control scheme for sensor networks, which is the first work of its kind. Users in DP 2 AC purchase tokens from the network owner whereby to query data from sensor nodes which will reply only after validating the tokens. The use of blind signatures in token generation ensures that tokens are publicly verifiable yet unlinkable to user identities, so privacy-preserving access control is achieved. A central component in DP 2 AC is to prevent malicious users from reusing tokens, for which we propose a suite of distributed token reuse detection (DTRD) schemes without involving the base station. These schemes share the essential idea that a sensor node checks with some other nodes (called witnesses) whether a token has been used, but they differ in how the witnesses are chosen. We thoroughly compare their performance with regard to TRD capability, communication overhead, storage overhead, and attack resilience. The efficacy and efficiency of DP 2 AC are confirmed by detailed performance evaluations.
AB - The owner and users of a sensor network may be different, which necessitates privacy-preserving access control. On the one hand, the network owner need enforce strict access control so that the sensed data are only accessible to users willing to pay. On the other hand, users wish to protect their respective data access patterns whose disclosure may be used against their interests. This paper presents DP 2 AC, a Distributed Privacy-Preserving Access Control scheme for sensor networks, which is the first work of its kind. Users in DP 2 AC purchase tokens from the network owner whereby to query data from sensor nodes which will reply only after validating the tokens. The use of blind signatures in token generation ensures that tokens are publicly verifiable yet unlinkable to user identities, so privacy-preserving access control is achieved. A central component in DP 2 AC is to prevent malicious users from reusing tokens, for which we propose a suite of distributed token reuse detection (DTRD) schemes without involving the base station. These schemes share the essential idea that a sensor node checks with some other nodes (called witnesses) whether a token has been used, but they differ in how the witnesses are chosen. We thoroughly compare their performance with regard to TRD capability, communication overhead, storage overhead, and attack resilience. The efficacy and efficiency of DP 2 AC are confirmed by detailed performance evaluations.
KW - Wireless sensor networks
KW - access control
KW - privacy
KW - security
UR - http://www.scopus.com/inward/record.url?scp=84863522640&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84863522640&partnerID=8YFLogxK
U2 - 10.1109/TPDS.2011.299
DO - 10.1109/TPDS.2011.299
M3 - Article
AN - SCOPUS:84863522640
SN - 1045-9219
VL - 23
SP - 1427
EP - 1438
JO - IEEE Transactions on Parallel and Distributed Systems
JF - IEEE Transactions on Parallel and Distributed Systems
IS - 8
M1 - 6095540
ER -