Detecting and Preventing Beacon Replay Attacks in Receiver-Initiated MAC Protocols for Energy Efficient WSNs

  • Alessio Di Mauro
  • Xenofon Fafoutis
  • Sebastian Mödersheim
  • Nicola Dragoni
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8208)


In receiver-initiated MAC protocols for Wireless Sensor Networks (WSNs), communication is initiated by the receiver of the data through beacons containing the receiver’s identity. In this paper, we consider the case of a network intruder that captures and replays such beacons towards legitimate nodes, pretending to have a fake identity within the network. To prevent this attack we propose RAP, a challenge-response authentication protocol that is able to detect and prevent the beacon replay attack. The effectiveness of the protocol is formally verified using OFMC and ProVerif. Furthermore, we provide an analysis that highlights the trade-offs between the energy consumption and the level of security, defined as the resilience of the protocol to space exhaustion.


Beacon Replay Attack Receiver Initiated Medium Access Control Wireless Sensor Network Security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    AVISPA: Deliverable 2.3: The Intermediate Format (2003),
  2. 2.
    Bachir, A., Dohler, M., Watteyne, T., Leung, K.: MAC Essentials for Wireless Sensor Networks. IEEE Commun. Surveys Tutorials 12(2), 222–248 (2010)CrossRefGoogle Scholar
  3. 3.
    Basin, D., Mödersheim, S., Viganò, L.: OFMC: A symbolic model checker for security protocols. Int. Journal of Information Security 4(3), 181–208 (2005)CrossRefGoogle Scholar
  4. 4.
    Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14), pp. 82–96. IEEE Computer Society, Cape Breton (2001)Google Scholar
  5. 5.
    Deng, J., Han, R., Mishra, S.: Limiting dos attacks during multihop data delivery in wireless sensor networks. Int. J. Secur. Netw. 1(3/4) (2006)Google Scholar
  6. 6.
    Denning, D.E., Sacco, G.M.: Timestamps in key distribution protocols. Commun. ACM 24(8), 533–536 (1981)CrossRefGoogle Scholar
  7. 7.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theor. 29(2), 198–208 (2006)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Dong, J., Ackermann, K.E., Bavar, B., Nita-Rotaru, C.: Mitigating attacks against virtual coordinate based routing in wireless sensor networks. In: Proc. of the First ACM Conf. on Wireless Network Security, pp. 89–99. ACM (2008)Google Scholar
  9. 9.
    Fafoutis, X., Dragoni, N.: ODMAC: An On-Demand MAC Protocol for Energy Harvesting-Wireless Sensor Networks. In: Proc. 8th ACM Symp. on Performance Evaluation of Wireless Ad-Hoc, Sensor, and Ubiquitous Networks (PE-WASUN), pp. 49–56. ACM (2011)Google Scholar
  10. 10.
    Ghosal, A., Halder, S., Sur, S., Dan, A., DasBit, S.: Ensuring basic security and preventing replay attack in a query processing application domain in WSN. In: Taniar, D., Gervasi, O., Murgante, B., Pardede, E., Apduhan, B.O. (eds.) ICCSA 2010, Part III. LNCS, vol. 6018, pp. 321–335. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Heinzelman, W., Chandrakasan, A., Balakrishnan, H.: Energy-efficient communication protocol for wireless microsensor networks. In: Proc. of the 33rd Annual Hawaii Int. Conf. on System Sciences, vol. 2, p. 10 (2000)Google Scholar
  12. 12.
    Horn, A.: On sentences which are true of direct unions of algebras. J. Symb. Log., 14–21 (1951)Google Scholar
  13. 13.
    Karlof, C., Wagner, D.: Secure routing in wireless sensor networks: attacks and countermeasures. In: Proc. of the First IEEE Int. Workshop on Sensor Network Protocols and Applications, pp. 113–127 (2003)Google Scholar
  14. 14.
    Karlof, C., Sastry, N., Wagner, D.: Tinysec: a link layer security architecture for wireless sensor networks. In: Proc. 2nd ACM Int. Conf. on Embedded Networked Sensor Syst. (SenSys), pp. 162–175. ACM (2004)Google Scholar
  15. 15.
    Levis, P., Madden, S., Polastre, J., Szewczyk, R., Whitehouse, K., Woo, A., Gay, D., Hill, J., Welsh, M., Brewer, E., Culler, D.: TinyOS: An Operating System for Sensor Networks. In: Ambient Intelligence, pp. 115–148. Springer (2005)Google Scholar
  16. 16.
    Li, J., Zhang, D., Guo, L.: DCM: A Duty Cycle Based Multi-channel MAC Protocol for Wireless Sensor Networks. In: IET Int. Conf. on Wireless Sensor Network (IET-WSN), pp. 233–238 (2010)Google Scholar
  17. 17.
    Lin, E.Y.A., Rabaey, J.M., Wolisz, A.: Power-efficient rendez-vous schemes for dense wireless sensor networks. In: Proc. IEEE Int. Conf. on Communn. (ICC), vol. 7, pp. 3769–3776. IEEE (2004)Google Scholar
  18. 18.
    Liu, D., Ning, P.: Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. Tech. rep. (2002)Google Scholar
  19. 19.
    Lowe, G.: A hierarchy of authentication specifications. In: CSFW 1997, pp. 31–43. IEEE Computer Society Press (1997)Google Scholar
  20. 20.
    Maurer, U.M., Schmid, P.E.: A calculus for security bootstrapping in distributed systems. J. Comp. Sec. 4(1), 55–80 (1996)Google Scholar
  21. 21.
    Mödersheim, S.: Algebraic properties in alice and bob notation. In: Int. Conf. on Availability, Reliability and Security (ARES), pp. 433–440 (2009)Google Scholar
  22. 22.
    Mödersheim, S.: Abstraction by set-membership: verifying security protocols and web services with databases. In: ACM Conf. on Computer and Communications Security, pp. 351–360 (2010)Google Scholar
  23. 23.
    Mödersheim, S., Viganò, L.: Secure Pseudonymous Channels. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 337–354. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  24. 24.
    Peng, Y., Li, Z., Qiao, D., Zhang, W.: Delay-Bounded MAC with Minimal Idle Listening for Sensor Networks. In: Proc. 30th Ann. Joint Conf. IEEE Comput. and Communn. Soc (INFOCOM), pp. 1314–1322. IEEE (2011)Google Scholar
  25. 25.
    Perrig, A., Szewczyk, R., Tygar, J.D., Wen, V., Culler, D.E.: Spins: security protocols for sensor networks. Wirel. Netw. 8(5), 521–534 (2002)CrossRefzbMATHGoogle Scholar
  26. 26.
    Song, H., Zhu, S., Cao, G.: Attack-resilient time synchronization for wireless sensor networks. In: Int. Conf. on Mobile Adhoc and Sensor Systems, pp. 765–772 (2005)Google Scholar
  27. 27.
    Stallings, W.: Cryptography and Network Security. Prentice Hall (2005)Google Scholar
  28. 28.
    Sun, Y., Gurewitz, O., Du, S., Tang, L., Johnson, D.B.: ADB: An Efficient Multihop Broadcast Protocol based on Asynchronous Duty-cycling in Wireless Sensor Networks. In: Proc. 7th ACM Int. Conf. on Embedded Networked Sensor Syst. (SenSys), pp. 43–56. ACM (2009)Google Scholar
  29. 29.
    Sun, Y., Gurewitz, O., Johnson, D.B.: RI-MAC: A Receiver-Initiated Asynchronous Duty Cycle MAC Protocol for Dynamic Traffic Loads in Wireless Sensor Networks. In: Proc. 6th ACM Int. Conf. on Embedded Networked Sensor Syst. (SenSys), pp. 1–14. ACM (2008)Google Scholar
  30. 30.
    Tang, L., Sun, Y., Gurewitz, O., Johnson, D.B.: EM-MAC: A Dynamic Multichannel Energy-Efficient MAC Protocol for Wireless Sensor Networks. In: Proc. of ACM MobiHoc 2011, p. 23 (2011)Google Scholar
  31. 31.
    Tang, L., Sun, Y., Gurewitz, O., Johnson, D.B.: PW-MAC: An Energy-Efficient Predictive-Wakeup MAC Protocol for Wireless Sensor Networks. In: Proc. of INFOCOM 2011, pp. 1305–1313. IEEE (2011)Google Scholar
  32. 32.
    Texas Instruments: CC250: Low-cost low-power 2.4 ghz rf transceiver (2011),
  33. 33.
    Weidenbach, C., Schmidt, R.A., Hillenbrand, T., Rusev, R., Topic, D.: System description: spass version 3.0. In: Pfenning, F. (ed.) CADE 2007. LNCS (LNAI), vol. 4603, pp. 514–520. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  34. 34.
    Yadav, P., McCann, J.A.: YA-MAC: Handling Unified Unicast and Broadcast Traffic in Multi-hop Wireless Sensor Networks. In: Proc. 7th IEEE Int. Conf. on Distributed Computing in Sensor Systems (DCOSS), pp. 1–9. IEEE (2011)Google Scholar
  35. 35.
    Yong, Y.T., Chow, C.O., Kanesan, J., Ishii, H.: EE-RI-MAC: An energy-efficient receiver-initiated asynchronous duty cycle MAC protocol for dynamic traffic loads in wireless sensor networks. Journal of Physical Sciences 6(11), 2633–2643 (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Alessio Di Mauro
    • 1
  • Xenofon Fafoutis
    • 1
  • Sebastian Mödersheim
    • 1
  • Nicola Dragoni
    • 1
  1. 1.Department of Applied Mathematics and Computer ScienceTechnical University of DenmarkKgs. LyngbyDenmark

Personalised recommendations