A three-tier framework for intruder information sharing in sensor networks

In sensor networks, an intruder (i.e., compromised node) identified and isolated in one place can be relocated and/or duplicated to other places to continue attacks; hence, detection and isolation of the same intruder or its clones may have to be conducted repeatedly, wasting scarce network resources. Therefore, once an intruder is identified, it should be known to all innocent nodes such that the intruder or its clones can be recognized when appearing elsewhere. However, secure, efficient and scalable sharing of intruder information remains a challenging and unsolved problem. To address this problem, we propose a three-tier framework, consisting of a verifiable intruder reporting (VIR) scheme, a quorum-based caching (QBC) scheme for efficiently propagating intruder reports to the whole network, and a collaborative Bloom Filter (CBF) scheme for handling intruder information locally. Extensive analysis and evaluations are also conducted to verify the efficiency and scalability of the proposed framework.