98 7. EFFICIENT AND SECURE CODE DISSEMINATION IN SENSOR CLOUDS
on forwarding and installing new code. Any reduction in the amount of total code transferred
therefore gets multiplied by high frequency resulting in great reduction in energy consump-
tion. Moreover, clusters of sensors in a sensor cloud are dynamically provisioned to users, which
means that at any given point in time various clusters can be working for various users. In such a
scenario, the security of the code (in terms of confidentiality and integrity) also becomes very im-
portant. Code disseminated from the base station will inevitably be forwarded by many sensors
on its way to its destination cluster. Code confidentiality is thus a critical pre-requisite since the
code may be carrying keying material which must be protected against eavesdropping. Another
pre-requisite is the integrity of code, which will make sure that an adversary has not injected
malicious code packets during the code dissemination process. To summarize, there is a need
for an efficient code dissemination schemes which is well suited to a dynamically provisioned
sensor cloud scenario. e scheme needs to minimize the number of code packets transmitted
and should provide confidentiality and protect the integrity of the disseminated code. In this
chapter, we present an efficient and secure code dissemination scheme for sensor cloud. e
scheme is based on storing the common code between two TinyOS applications on the sensors
themselves. e technique makes use of similarity in the compiled application code in TinyOS.
It also uses proxy re-encryption (PRE) and Bloom filters to additionally provide confidentiality
and integrity of the code. In this chapter, Our contributions are as follows:
• a code dissemination algorithm which reduces the total number of packets sent from the
base station to a cluster of sensors in a sensor cloud scenario and
• a security mechanism which provides confidentiality and integrity of code packets while
they are disseminated in a sensor cloud.
7.2 RELATED WORK
Deluge [114] was one of the first wireless code dissemination protocols developed especially
for sensor networks. It provided an efficient way to reprogram motes wirelessly: it divides the
code image into fixed size pages and then divides each page into packets with a size that is
network dependent. Because Deluge [114] was created for traditional WSNs, it advertises new
code images using an epidemic protocol. Nodes can then request for individual pages and new
code images by listening to the advertisement packets. Although Deluge [114] tried to reduce
the wireless traffic, it did not take into account the similarities between various code updates.
Reijers et al. [113] proposed an approach that addressed incremental code updates. is
approach took a UNIX diff like approach for determining the difference between two versions
of the same code. ey introduced commands such as insert, copy, repair, repair dbl, and patch list
to generate an edit script. Instead of wirelessly sending the complete new code, the base station
would only transmit the edit script. e wireless sensors would then transform their code image
according to the edit script to generate the new version of the code. e authors, however, only
discussed the encoding mechanism of the code image without any code distribution algorithm.
7.2. RELATED WORK 99
Moreover, the edit script was platform dependent. A platform independent incremental code
update algorithm was described in [111]. is algorithm divided a program image into small,
fixed-size blocks and calculated the hash of each block. e same was done for the new code
image and a difference script was created by comparing the hashes of the code images. e dif-
ference script consisted of copy and download commands where copy meant the wireless sensor
could just copy the block from the old code image and download meant the block contained
changes and thus had to be downloaded from the base station.
Approaches in [111] and [113], however, work particularly for small code changes. Any
code change that produces an address shift results in an extremely inefficient script. To overcome
this, [112] introduced slop regions around functions. Functions are allowed to grow into the slop
regions. us, small changes in code do not produce address shifts. If the function grows bigger
than the allowed slop region, it is moved to an area with a bigger slop region and linked to
its previous location. is approach, however, wastes a large amount of space on the sensors.
Additionally, the efficiency of code dissemination depends on the amount of memory available
to be sacrificed. QDiff [109] presented an optimized patch creation technique. e size of the
patch created in QDiff [109] is small compared to other schemes. e algorithm works on the
ELF file level and, hence, is platform independent. QDiff [109] uses slop region to maintain
similarity between two versions of the code. If no slop region exists, the new code is moved to
the end of the file. A high level of similarity between the codes at the ELF file level ensures a
small patch size. Moreover, the patch can be directly applied in the RAM, eliminating the need
for a reboot and thus saving a large amount of energy.
All of these approaches targeted the traditional WSN model in which the changes between
successive versions of the application code are small. On the contrary, in a sensor cloud, a code
update implies that the entire application must be changed. As a result, the application code
needs to be completely updated. Code dissemination in a sensor cloud like scenario was first
discussed in [115]. e authors discussed a code dissemination algorithm for multi-application
WSNs, where various groups of sensors support different WSN applications. is algorithm is
based on the idea that WSN applications share a lot of common code. is common code can
be disseminated from other sensors in the network instead of disseminating everything from
the base station. e authors presented the idea and demonstrated the effectiveness through
simulations. ey did not, however, offer implementation specific details, such as the handling
of code shifts and the introduction of new global variables. Instead, the focus was on adaptive
buffer management for such a code dissemination algorithm. e algorithm presented in this
chapter exploits the same idea that many applications in WSNs may share a large amount of
code. Unlike [115], however, we provide a set of algorithms for implementing this in a secure
fashion in the context of a sensor cloud.
Another important issue in a sensor cloud scenario is security. Seluge [116] was one of the
early attempts to build a secure code dissemination algorithm. Seluge [116] aimed to tackle the
code image integrity and various DoS attacks on Deluge [114]. For each code image, it hashes
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.