Content uploaded by W. Schott
Author content
All content in this area was uploaded by W. Schott on Feb 04, 2014
Content may be subject to copyright.
Li,Bai,Doss,R.,Batten,L.M.andSchott,W.2009,Fastrecoveryfromnodecompromiseinwireless
sensornetworks,inNTMS2009:ProceedingsoftheNTMS20093rdInternationalConferenceon
NewTechnologies,MobilityandSecurity,IEEE,Piscataway,N.J.,pp.1‐6.
©2009IEEE.Personaluseofthismaterialispermitted.However,permissiontoreprint/republish
thismaterialforadvertisingorpromotionalpurposesorforcreatingnewcollectiveworksforresale
orredistributiontoserversorlists,ortoreuseanycopyrightedcomponentofthisworkinother
worksmustbeobtainedfromtheIEEE.
Abstract—Wireless Sensor Networks (WSNs) are susceptible to a
wide range of security attacks in hostile environments due to the
limited processing and energy capabilities of sensor nodes.
Consequently, the use of WSNs in mission critical applications
requires reliable detection and fast recovery from these attacks.
While much research has been devoted to detecting security attacks,
very little attention has been paid yet to the recovery task. In this
paper, we present a novel mechanism that is based on dynamic
network reclustering and node reprogramming for recovering from
node compromise. In response to node compromise, the proposed
recovery approach reclusters the network excluding compromised
nodes; thus allowing normal network operation while initiating node
recovery procedures. We propose a novel reclustering algorithm that
uses 2-hop neighbourhood information for this purpose. For node
reprogramming we propose the modified Deluge protocol. The
proposed node recovery mechanism is both decentralized and
scalable. Moreover, we demonstrate through its implementation on a
TelosB-based sensor network testbed that the proposed recovery
method performs well in a low-resource WSN.
Keywords - Attack recovery, wireless sensor network, clustering
I. INTRODUCTION
Wireless sensor networks are deployed in many mission
critical applications. With their development, various novel
security attacks have appeared. The aims of these attacks are
usually to take over nodes in the network, destroy nodes or to
disrupt data flow. Efficient detection and recovery from such
attacks have become major challenges in protecting sensor
networks from such compromises [1, 2].
WSNs are characterized by random deployments leading to a
flat network topology; but clustering of sensors leading to a
hierarchical routing structure [3-8] can provide security
advantages in enabling localisation and isolation of an attack as
well as in responding to an attack quickly. To achieve recovery,
the objective is to use clustering in an efficient manner in order to
maintain the network’s ability to operate for as long as possible
even when some nodes are compromised. However, for a
clustering scheme to be useful for practical applications in WSNs,
it must be suited to the memory and processing capabilities of low
resourced sensor devices. From a security perspective, it should
enable recovery from an attack by reorganisation of the network
structure in order to minimise the impact of node compromise on
network resources and operation. This is the main motivation for
our work.
In this paper, we present a novel recovery approach that
includes a clustering algorithm for low-resource stationary
wireless sensor networks in conjunction with a reprogramming
mechanism to enable efficient recovery from node compromise
while maintaining the operation of the network. The recovery
approach takes into account the state of individual sensors to
ensure energy-sensitive cluster and network organization.
The contribution of this work can be summarized as:
• A recovery mechanism that combines network reclustering
and node reprogramming to dynamically re-organize the network
into a clustered network architecture that does not include
compromised nodes: thus permitting the network to be
operational while initiating node reprogramming procedures to
recover compromised nodes.
• Demonstration that the proposed recovery mechanism
comprising of network reclustering and node reprogramming can
be implemented efficiently on a sensor network testbed using
TelosB motes.
The rest of the paper is organised as follows. After an
overview on related work in Section II, we present our recovery
mechanism in Section III. In Section IV, the benefits of the
proposed scheme are discussed by means of experimental results,
and Section V concludes the paper.
II. 1B RELATED WORK
In this section, we present a brief overview of clustering and
reprogramming in wireless sensor networks.
Clustering was originally developed with the aim of
introducing a hierarchical structure: clusters are subsets of nodes
in the WSN managed by a member of the subset referred to as an
‘aggregator’. Mirkovic et al. [3] organize a large-scale sensor
network by maintaining a dynamic multicast tree-based
forwarding hierarchy that allows multiple sinks to obtain data
from a sensor source. This method consumes significant power
which leads to reduced network lifetime. Krishnan and
Starobinski [4] present two algorithms that produce clusters of
B. Li1, R. Doss1, Member IEEE, L.M. Batten1, Senior Member, IEEE, and W. Schott2, Senior Member, IEEE
1School of Information Technology, Deakin University, Australia
2IBM Research GmbH, Zurich Research Laboratory, Switzerland
Fast Recovery from Node Compromise in
Wireless Sensor Networks
978-1-4244-6273-5/09/$26.00 ©2009 IEEE
Authorized licensed use limited to: DEAKIN UNIVERSITY LIBRARY. Downloaded on April 09,2010 at 05:54:01 UTC from IEEE Xplore. Restrictions apply.
bounded size and low diameter by having nodes allocate local
growth budgets to neighbours. However, the cluster size can be
very large which cannot provide for our purposes efficient
recovery at the recovery stage. Meguerdichian et al. [5] have
formulated the exposure and coverage properties of sensor
networks using computational geometry-based techniques such as
the Voronoi diagram and the Delaunay Triangulation. However,
this approach is centralized and difficult to implement across the
WSN. Slijepcevic and Potkonjak [6] propose a heuristic that
organizes the sensor network by selecting mutually exclusive sets
of sensor nodes that together completely cover the monitored
area. Heinzelman et al. [7] proposed an alternative
clustering-based approach, called LEACH (Low-Energy
Adaptive Clustering Hierarchy), with the aim of sharing the
energy load across clusters. The LEACH protocol implements a
load-balancing procedure that allows different nodes to become
aggregators at different times. The assumption that all the sensors
have the ability to communicate with the base station directly
makes LEACH impractical for large scale sensor networks. Wu
[8] has proposed the enhanced multi-point relay (EMPR)
algorithm to efficiently partition a WSN with a flat topology into a
hierarchical network by identifying a set of multi-point relays that
can be shown to be fully connected thus forming a connected
dominating set (CDS)F
1
F of network nodes. We use EMPR as the
basis of our clustering algorithm.
There has also been much work on reprogramming in WSNs
as a solution to failed message reception or in order to install
updated code. Over the air programming (OAP) of sensor nodes is
attractive for recovery techniques. The process of over the air
reprogramming can be generalised into the following steps – (1)
encoding, (2) dissemination and (3) decoding [2]. In the first step,
the control node (base station or aggregator) prepares the code
packets to be distributed. The code is disseminated by the control
node in the second step which is followed by the sensor device
receiving the code packets, decoding and storing the code packets.
At this point, within the node, the network programming module
rebuilds the program code and calls the boot loader to load the
code into program memory.
In considering our own approach to reprogramming, we
considered the best current approaches. Current methods for over
the air reprogramming include XNP from Crossbow [2], Deluge
[2], MOAP [9] and incremental programming [10]. Each of these
methods is designed for either multi-hop or single-hop
reprogramming of all nodes in a deployment. XNP broadcasts the
program code over a single-hop, Deluge makes use of epidemic
dissemination over multi-hops to reprogram all nodes in the
network and MOAP supports multi-hop programming.
Incremental programming targets components of the code in the
node that need to be changed, and then reprograms using only
former or updated versions of these components. In order to do
this, it applies the Rsync algorithm [11] to sensor nodes.
1 A CDS is defined as a subset of nodes of a network, where every node is either
in the subset or a neighbor of a node in the subset, and the graph introduced by the
subset is fully connected.
None of these methods enables the reprogramming of a
specific node either over a single-hop or multi-hop and hence are
not directly suited for node recovery purposes.
As the basis for our design of a reprogramming protocol for
individual nodes, we chose Deluge based on the fact that it aims to
increase the transmission throughput by using optimisation
techniques such as adjusting the packet transmission rate and
spatial multiplexing. We modified the Deluge protocol to
selectively reprogram nodes that have been identified as
compromised. The descriptions of the modification and the
performance of the redesigned Deluge protocol as evaluated
through field experiments using our test bed is presented in
Section V.
III. 2BNOVEL RECOVERY MECHANISM
A. 6BPreliminaries
WSNs can be built in a number of ways depending on the
desired application [1]. Often, several types of nodes are present,
classified in terms of the role they play, such as gathering data,
analyzing data, or deploying applications.
An intuitive analysis of the sensor network activities of a
simple network leads to mapping tasks to roles as follows:
- a cluster member node (CM) senses and transmits data
- an aggregator node (AG) controls member nodes and senses,
collects, aggregates, analyses and transmits data
- a base station (BS) controls the system and collects,
analyses, transmits and stores data.
For the purposes of an attack situation in which nodes can be
lost or compromised, detection and recovery can only take place
efficiently if the network can function as normally as possible. We
propose to therefore retain connectivity and maximize flexibility
in the network. This is achieved by allowing each node to play the
role of either a member or aggregator node as appropriate under
the conditions arising, and at the same time, for the entire network
to efficiently re-organize itself in order to remain connected when
a node compromise is detected.
Thus, all nodes must assume the functions of a member node
while aggregator nodes, in addition, take on the responsibility of
coordinating the sensing activities in their neighbouring region
(also known as a sensing zone) and aggregate and forward the
information to the base station. The task of coordination is not a
simple one and it is also not a short term job. In order to provide
instantaneous sensing and reporting capability (dependent upon
sensing applications) each aggregator node may need to
systematically rotate its responsibilities transparently among
neighbouring nodes without much communication overhead.
B. 7BRecovery Model
In this paper, our focus is on recovery from a node
compromise. We assume that a node compromise in the network
Authorized licensed use limited to: DEAKIN UNIVERSITY LIBRARY. Downloaded on April 09,2010 at 05:54:01 UTC from IEEE Xplore. Restrictions apply.
has been detected and the extent of damage is known. Our
objective is to implement speedy recovery.
We identify three stages within our recovery model. The first
is detection of an attack or node compromise, the second is
response to this, and the third is recovery from it. Each stage
employs different strategies and methods. There are a number of
procedures available in the literature for detection of attacks. We
propose the use of authentication procedures and voting
algorithms for detection purposes. All code updates and
reclustering /reprogramming commands are authenticated and
supported by a lightweight authentication protocol that uses a
shared secret between the base station and each sensor device and
a hash function (we propose the use of SHA-1 or Rabin). A
detailed security analysis of the authentication protocols for
supporting network reclustering and node reprogramming is
presented in our previous work [15]. The authentication protocol
ensures that malicious nodes cannot compromise the reclustering
or reprogramming process.
Since the focus of this paper is not on detection, we refer the
reader to Chapter 17 of [14] for an overview of recent papers
applicable to the low resource sensor networks. At the end of the
detection phase we assume that compromised nodes have been
identified.
In the response stage, we initiate reclustering procedures to
reorganize the network excluding compromised nodes hence
allowing the network to stay operational during the node recovery
phase. This is critical as nodes that have been compromised may
be beyond recovery and hence should be excluded from the
network at the earliest so as to minimize the impact of the
compromise on normal network operation.
The final stage is recovery and we attempt to recover
compromised nodes through reprogramming. Once successfully
reprogrammed, the nodes can again join existing clusters and
resume normal operation. However, if reprogramming is
impossible, the nodes are deleted from the network. Further, to
ensure security robustness, we take the additional step of limiting
the role of a compromised AG node to that of a member node in
the reclustered network.
WSNs configured in this way will be able to implement
recovery more quickly than WSNs which are not. This is because
it is possible to employ a localized approach, cluster by cluster, in
detecting, responding to and recovering from an attack. The
detailed description of self-organization and the cluster building
are provided in the next section.
C. 8BRe-Clustering Algorithm
Our re-clustering algorithm exploits the self-organization
capabilities of the WSN to achieve a specific target structure to
optimize the recovery process. We propose a decentralized
approach to node configuration with the following target
conditions:
• each node be no more than two hops away from an
aggregator node,
• the aggregator set be connected enabling transmission of
data along the aggregators to the base station, and
• some AG be one hop away from the BS.
The connectedness of the WSN to the BS in order to ensure
regular operation of the data sensing tasks is assured by the
connectedness of all nodes through the AGs. In addition, we aim
for energy-efficiency by choosing aggregators with high battery
energy levels.
Fig. 1 illustrates the topology of the envisioned WSN. It
comprises a number of low-resource sensor nodes that are
connected to a base station (BS) in order to analyze the sensed
data. By partitioning the WSN topology into a set of clusters, a
hierarchical network topology is obtained that is power-efficient,
scalable, and resilient to security attacks.
Each cluster comprises one AG and several cluster members
(CMs). Each CM is always connected to a single associated AG to
exchange data and control packets. The communication between
CMs and the AG is controlled by establishing synchronization
between the involved nodes and using a cyclic superframe
structure of length tP as proposed for example in [12]. At the
beginning of a superframe, the AG sends a beacon message to
wake-up sleeping CMs and coordinate the intra-cluster
communication within the active period of the superframe in a
Time Division Multiple Access (TDMA) based manner. During
the inactive period of the superframe, CMs are sent to sleep to
preserve battery energy. An AG aggregates the data sensed by the
CMs of its cluster and transmits the aggregated data to the BS. For
this purpose, AGs are connected among each other to form an
overlay network that manages itself in a distributed fashion. The
AGs communicate with each other by using a CSMA/CA
Medium-Access Control (MAC) scheme and employing
multi-hop packet transmissions. Therefore, AGs also act as relays
to forward packets on behalf of other aggregators to the BS.
For this purpose, each node v broadcasts a HELLO message at
a random time instant within the superframe time interval tP. Each
message carries the ID of the transmitting node v, the IDs of all
currently known 1-hop neighbors of the transmitting node, and the
metric values M that characterize the capabilities of the node v and
its neighbors to act as an AG.
The metric M(v) of node v is defined as
maxmax
)(
)1(
)(
)( d
vd
a
e
ve
avM −+= , a
∈
[0,1],
where e is the available battery energy of the node and emax its
maximum value, d is the node degree that should not exceed a
pre-defined value dmax, and a is a pre-defined weighting
parameter.
Authorized licensed use limited to: DEAKIN UNIVERSITY LIBRARY. Downloaded on April 09,2010 at 05:54:01 UTC from IEEE Xplore. Restrictions apply.
To successfully distribute all neighborhood information between
the involved network nodes, broadcasting of HELLO messages
has to be repeated with the updated neighbor node list and metric
values in at least two succeeding time intervals tP. After the
exchange of the HELLO messages, each node v knows the IDs of
all 1-hop and 2-hop neighbors, the connectivity between these
nodes, and their corresponding metric values M. We denote the set
of all 1-hop and 2-hop neighbors as N1(v) and N 2(v), respectively.
1) Multi-Point Relay (MPR) Selection
After collecting the neighborhood information, each node v
selects a set of multi-point relays that can be viewed as candidate
AGs. This set comprises a small subset of nodes C(v) from the
1-hop neighbor set N1(v) of node v that fully covers the 2-hop
neighbor set N2(v) of node v. C(v) is thus also called the coverage
set of node v, and it can be shown that the C(v)
∪
v forms a CDS
for N2(v). The coverage set C(v) is obtained by executing the
modified EMPR algorithm given below that takes into account the
known metric values M of the involved network nodes. Those
nodes with larger metrics are the favoured candidates for AGs.
This preferential choice is employed in the modified EMPR
algorithm.
The Modified Enhanced Multi-Point Relaying Algorithm
1. Add all free neighbors of N1(v) to the coverage set C(v).
Node u is a free neighbor of v if v is not the highest metric
neighbor of u.
2. Add node u
∈
N1(v) to the coverage set C(v), if there is an
uncovered node in N2(v) that is only covered by u. Any
node in N2(v) that is not covered by C(v) is called an
uncovered node.
3. Add node u
∈
N1(v) to the coverage set C(v), if u covers the
largest number of uncovered nodes in N2(v). Use metric M
of the nodes to break a tie when two nodes cover the same
number of uncovered nodes.
4. Repeat step 3 until all nodes in N2(v) are covered.
After the multi-point relays have been selected, each node
broadcasts its coverage set C(v) to its 1-hop neighbors at a random
time instant in the next time interval tP.
U3) Cluster Forming
A node v decides to act as a AG if it has never been
compromised, and
1. it has a larger metric M(v) than all its 1-hop neighbors and
has at least two unconnected neighbors, or if
2. it is in the coverage set formed by its neighbor with the
largest metric M.
When the nodes have decided on their role in the network, the
AGs broadcast their newly accepted role to its 1–hop neighbors at
random time instants in the next time interval tP. After a CM has
received this status message from all candidate AGs in its
neighborhood, the CM selects the best-suited AG by sending to it
an associate-request message. The AG acknowledges successful
association with an associate-confirm message. The cluster
forming process is completed after all nodes in the network have
taken on their appropriate roles in the network.
The proposed hierarchical network topology offers several
significant advantages compared to a flat topology in terms of
network energy consumption and recovery from network security
attacks. Using a clustered topology reduces the energy
consumption in the network because, firstly, CMs can transmit
with a lower power than AGs and, secondly, CMs can sleep while
the AGs manage and control the network. Moreover, AGs can
aggregate data before forwarding the aggregated data which in
turn reduces the overall size of the relayed packets to the BS.
Using a clustered topology also helps to recover faster and more
reliably from node compromise on the WSN. Recovery from
security attacks on one or several CMs can be locally performed
by the associated AG without affecting the operation of other
clusters, while recovery from security attacks on AGs or several
CMs belonging to separate clusters requires cooperation of all
AGs in the WSN.
IV. 3BEXPERIMENTAL RESULTS
We have implemented a WSN testbed with Crossbow’s
TelosB motes [13]. In our testbed, up to 20 sensor nodes were
located on a regular grid of 10 (5x2), 15 (5x3), and 20 (5x4). The
closest distance between nodes was set to 1 m and the radio
transmission range of each node to approximately 1.5 m.
The proposed recovery mechanism was implemented on a
TinyOS v2.1 / TelosB programming platform. The metric M was
always computed with a parameter value a set to 0.5, while the
values for e(v) and d(v) were pre-specified at each run. Therefore,
we incorporated both the energy and degree metrics to ensure that
the AG selection maintains energy-efficiency and network
connectivity. In our experiments, we ran 15 tests for each network
size. We considered two cases: (1) energy levels in all nodes are
the same (i.e., the metric M is fixed), and (2) energy levels across
nodes are variable (i.e., the metric M is node-dependent). Further,
Figure 1: Clustered Topology of Wireless Sensor Network
Authorized licensed use limited to: DEAKIN UNIVERSITY LIBRARY. Downloaded on April 09,2010 at 05:54:01 UTC from IEEE Xplore. Restrictions apply.
since the network topology is fixed, the node degree does not vary
with time.
The focus of the experiments was to test the performance of
the reclustering and reprogramming methods with respect to fast
recovery from security attacks, while at the same time
maintaining reasonable battery energy levels. In our experiments,
we assumed that the network is capable of detecting compromised
nodes, and any compromised node which cannot be recovered
will be deleted from the re-clustered network. We assessed the
performance of our method by measuring the following
performance metrics:
• Average clustering time: Average time for reclustering to be
completed; the clustering time for each run is calculated from the
time the base station issues a ‘recluster’ command to the time that
all nodes are included in a cluster.
• Average battery energy level of all WSN aggregators.
• Average battery energy level of all WSN cluster members.
In addition, we also recorded the number of aggregators
elected by the algorithm. The expected number of aggregators for
a given network varies with the number of nodes in the network as
shown through simulations in [8].
Table I shows the performance results of the reclustering
algorithm. In terms of number of aggregators elected, these results
compare well with the simulations of Wu [8], in which the
transmission range is relatively high compared to the density of
the nodes in the WSN. Wu’s work, however, assumes no
collisions, while in our implementation one node per run was lost
on average either because of collisions or because of
data-gathering errors when 1- and 2-hop neighbor tables were
being compiled.
TABLE I. PERFORMANCE OF THE RE-CLUSTERING ALGORITHM
Network Size Clustering time
(secs) Std. Dev. (secs) Average no. of
AGs
10 nodes 162 1.49 2
15 nodes 167 1.42 3
20 nodes 175 1.47 5
Table II shows the average metric value per network versus
that of the selected aggregators. In calculating M(v), floating point
errors were avoided by using M’(v)=e(v)d max+d(v) e
max. The
results prove the energy efficiency of the proposed clustering
method as the average energy levels of AGs is above that of
cluster members across the network. Further, we note that the
proposed method works on localized (2-hop) information to form
clusters. This ensures that the method is scalable and the
clustering times obtained for the 10, 15 and 20 node networks
prove this.
TABLE II. ENERGY LEVELS OF CLUSTERS AND AGGREGATORS
Network Size
M(v)
(average)
M(v) for AGs (average)
10 nodes 5.5 5.6
15 nodes 8 8.25
20 nodes 10.5 13.95
In a large scale sensor network, energy-efficiency techniques
will limit the number of active nodes to a subset of all nodes such
that the network area is fully covered and the network remains
fully connected. This observation means that the number of active
two-hop neighbours for a given node will tend to remain fairly
constant. This in conjunction with the two-hop localised nature of
the reclustering algorithm will ensure that the reclustering time
remains fairly constant and is independent of the total number of
nodes in the network as only active nodes will participate in the
reclustering process. However, we do note that since a command
to re-cluster from the BS is passed through AGs to nodes which
are not necessarily in range of the BS, this transmission time is
likely to increase as the network grows while the clustering time
remains fairly stable. As a result, the overall re-clustering time is
likely to increase at most logarithmically in network size. While
our data is insufficient to confirm this, the results in Table I
indicate that this bound is reasonable.
One of the important differentiators between our work and that
of Wu [8] is that the set of chosen aggregators will vary over time
as we take into account the state of individual sensors with respect
to their energy levels and node degree. This is especially useful
because the number of active nodes available to join a cluster
diminishes with time as nodes lose all energy or are compromised
beyond recovery. It is also useful in terms of the proposed scheme
being extensible to mobile sensor networks where each sensor
will have a periodically changed node degree.
Table III shows the results for the reprogramming tests using
the modified Deluge method. Deluge is a reliable data
dissemination protocol for large objects, such as program
binaries. Together with a bootloader, Deluge provides a way to
reprogram sensor motes in a network. Since Deluge only supports
network-wide reprogramming, we modified the dissemination
engine of the protocol to individually address sensor nodes. This
was done by replacing the AM_BROADCAST_ADDR parameter
in the engine with the node-id of the node to be recovered. This
modification allowed Deluge to disseminate the program binary
to a specific compromised node. The performance tests were
conducted using similar network topologies to the reclustering set
up. However, for reprogramming, we assume that each node in the
WSN is within range of the BS, while the converse is not
necessarily the case. This is a much stronger assumption than that
needed for re-clustering. In the tests, the base station issued a
reprogramming command to a single compromised node that was
Authorized licensed use limited to: DEAKIN UNIVERSITY LIBRARY. Downloaded on April 09,2010 at 05:54:01 UTC from IEEE Xplore. Restrictions apply.
chosen at random in the network. Reprogramming time was
calculated from the time the command was issued by the base
station to when the node was fully functional. The results have
been obtained by averaging over 15 runs with the compromised
node being chosen at random from the network. Table III
indicates no impact on reprogramming time as a function of
network size.
Based on the observed reprogramming and reclustering times,
we propose that network wide reclustering is triggered only when
an AG node is compromised. In the event of a member node being
compromised, recovery can be restricted to isolating the node and
reprogramming without the need for reclustering. Such an
approach is both energy-efficient and minimizes the disruption of
normal network operation.
TABLE III. REPROGRAMMING TIME USING MODIFIED DELUGE
N
etwork
Size
Mean time
(secs)
Std. Dev
10 nodes 87.67 0.89
15 nodes 87.79 0.94
20 nodes 87.21 0.83
V. 4BCONCLUSION
In this paper, we have proposed a novel recovery mechanism for
WSNs that enables fast and reliable recovery from security attacks
by applying dynamic network reclustering and node
reprogramming. To identify the best-suited aggregators for the
reconfigured network, the clustering algorithm incorporates a
metric that takes into account the energy levels of individual
sensors as well as their connectivity to other nodes. Since the
reclustered network does not include compromised nodes, the
network can be kept operational while the comprised nodes can be
recovered by executing the node reprogramming procedure. We
have demonstrated that the proposed recovery mechanism
comprising reclustering and reprogramming can be efficiently
implemented on a sensor network testbed using TelosB motes.
Our experimental results show that our recovery mechanism is
suitable for low resources sensor devices and efficient both in
terms of recovery time and scalable due to its decentralized
approach.
REFERENCES
[1] B. Li and L.M. Batten, "Using mobile agents to detect and recover node
compromise in path-
b
ased denial of service attacks in wireless sensor
networks",
[2] Q. Wang, Y. Zhu, and L. Cheng, “Reprogramming wireless sensor
networks: Challenges and approaches,” IEEE Network Magazine,
20(3):48–55, May-June 2006.
[3] J. Mirkovic, G.V. Venkataramani, S. Lou, L. Zhang, “A self-organizin
g
approach to data forwarding in wireless sensor networks”, ICC 2001,
June 2001.
[4] R. Krishnan and D. Starobinski, “Efficient clustering algorithms for sel
f
organizing wireless sensor networks”, Ad-hoc Networks, Elsevier, Vol. 4,
36-59, 2006.
[5] S. Meguerdichian, S. Slijepcevic, V. Karayan and M. Potkonjak,
“Localized algorithms in wireless ad-hoc networks: location discover
y
and sensor exposure,” Proceedings of the 2nd ACM internationa
l
symposium on Mobile ad hoc networking & computing, 2001, 106-116.
[6] S. Slijepcevic, M. Potkonjak, “Power efficient organization of wireless
sensor networks,” IEEE Int’l. Conf. on Comm. (ICC), Helsinki, June
2001, 472-6.
[7] W. Heinzelman, A. Chandrakasan, and H. Balakrishnan,
“Energy-efficient communication protocols for wireless microsensor
networks”, Proc. Hawaaian Int'l Conf. on Systems Science, January 2000.
[8] J. Wu, "An enhanced approach to determine a small forward node se
t
based on multipoint relay", Proc. IEEE Semi-Annual Vehicula
r
Technology Conference (VTC 2003), September, 2003.
[9] T. Stathopoulos, J. Heidemann, and D. Estrin, “A remote code update
mechanism for wireless sensor networks”, Technical report, UCLA,
2003.
[10] J. Jeong and D. Culler, “Incremental network programming for wireless
sensors”, Secon 2004: Proceedings of The First IEEE Communications
Society Conference on Sensor and Ad Hoc Communications an
d
Networks, Santa Carla, CA, USA, 2004.
[11] A Tridgell, “Efficient algorithms for sorting and synchronization”, PhD
Thesis, Australian National University, 1999.
[12] A. Koubaa, M. Alves, M. Attia and A. Van NieuWenhuyse,
“Collision-free beacon scheduling mechanisms for IEEE 802.15.4/Zigbee
cluster-tree wireless sensor networks”, Technical report, TR-061104,
Polytechnic Institute of Porto, 2006. Available at www.hurray.isep.ipp.pt.
[13] Crossbow,
http://www.xbow.com/Products/Product_pdf_files/Wireless_pdf/TelosB
_Datasheet.pdf.
[14] John Paul Walters, Zhengqiang Liang, Weisong Shi, and Vipi
n
Chaudhary, Wireless Sensor Net work Security: A Survey, Security in
Distributed, Grid, and Pervasive Computing Yang Xiao,(Eds.) 2006,
Auerbach Publications, CRC Press.
[15] Bai Li, Lynn Batten, Robin Doss, Lightweight Authentication fo
r
Recovery in Wireless Sensor Networks, The Fifth Internationa
l
Conference on Mobile Ad-hoc and Sensor Networks (MSN 2009), 14-16
December 2009, Wu Yi Mountain, China (in press).
Authorized licensed use limited to: DEAKIN UNIVERSITY LIBRARY. Downloaded on April 09,2010 at 05:54:01 UTC from IEEE Xplore. Restrictions apply.