KR100951397B1 - Proactive Code Verification Protocol Using Empty Memory Deletion in Wireless Sensor Network - Google Patents

Abstract

The present invention relates to a prior code-verification method using memory space deletion in a wireless sensor network.

The sensor, the base station as a verifier, encrypts the request message header (Req), the ID of the base station (ID _BS ), and all three messages by encrypting the ID and nonce (n) with a security key distributed between the base station and the sensor node. Requesting to send to the node; Generating a random number using the nonce as a seed and filling the random number with an empty area of a memory in the sensor node; A response step of the sensor node transmitting the hash value of its entire memory to the base station in response; And a verification step of comparing the hash value transmitted from the sensor node with a hash value calculated from memory information of the sensor node owned by the base station.

It works in a very simple manner but has the effect of detecting malicious code within the sensor node without relying on accurate time information.

Description

Proactive Code Verification Protocol Using Empty Memory Deletion in Wireless Sensor Network

The present invention relates to a method of prior code-validation using memory space deletion in a wireless sensor network, and more particularly, to prevent malicious code from leaving a space in a memory of a target node and to transmit a value of the entire memory contents. A prior code-verification method using memory space deletion in a wireless sensor network.

Currently, security is one of the most important issues in wireless sensor networks. For example, in a wireless sensor network used for military surveillance, if a node is captured by an enemy and used for attack, these nodes will not be able to detect the enemy's intrusion and may even report false information resulting in an allied defeat. have. In order to prevent abnormal behavior of these sensor nodes, a method of proving suspicious nodes is needed.

Unfortunately, physical attacks on nodes cannot be prevented in any way. Only hardware modules that physically force modifications inside a node can prevent the capture node from turning into a malicious node that damages other nodes. Therefore, most of the research so far has focused on how to find contaminated nodes. In most of these studies, the contaminated node can only be found after the contaminated node has behaved abnormally. Therefore, there was no way to find the malicious node before the node's abnormal behavior. For this reason, the WSN (wireless sensor network) is vulnerable to damage by malicious nodes.

Therefore, there is a need for a proactive detection method that can detect anomalies in code before a malicious node performs abnormal behavior. SoftWare-based Attestation for embedded device (SWATT) is designed for this software-based proof. The SWATT can be applied very simply, but because it operates based on accurate time, there is a limitation that it is sensitive to unexpected network delay and is dependent on the hardware platform.

In other words, at the present time when the ubiquitous environment is gradually expanding its scope, in the wireless sensor network environment, one of the application fields, the security solution against the damages that occur when an attacker captures and modifies the sensor node device for malicious purposes is absolutely absolute. As needed. However, existing remote verification methods require a careful measurement of the computation time in detecting malicious code, and if the node uses a more powerful microprocessor, more iterative execution of verification is required to amplify the difference in computation time. There is a problem that it is necessary.

The present invention is to improve the conventional problems as described above, to prevent the malicious code in the memory of the target node to leave a space for operation, and then pass the value of the entire memory content, to verify the entire memory content of the target node Unlike SWATT, there is provided a prior code-verification method using memory space deletion in a wireless sensor network that can significantly reduce the probability of malicious code concealing itself without relying on accurate time information.

The preceding code-verification method using memory space deletion in the wireless sensor network according to the present invention,

The sensor, the base station as a verifier, encrypts the request message header (Req), the ID of the base station (ID _BS ), and all three messages by encrypting the ID and nonce (n) with a security key distributed between the base station and the sensor node. Requesting to send to the node; Generating a random number using the nonce as a seed and filling the random number with an empty area of a memory in the sensor node; A response step of the sensor node transmitting the hash value of its entire memory to the base station in response; And a verification step of comparing the hash value transmitted from the sensor node with a hash value calculated from memory information of the sensor node owned by the base station.

The requesting step may further include determining whether the message is legitimate by decrypting the encrypted message and comparing the ID with the ID of the base station after receiving the three messages.

Also, in the operation step, the free area of the memory is a memory area excluding the proof code, the firmware code, and the data area in the memory.

In addition, the calculating step may fill an empty area of the memory in the sensor node with an XOR operation of two random values. Preferably, the calculating step fills an empty area of the memory in the sensor node with an XOR operation of two random values, and then operates in the opposite direction to cover the space in which the existing random number was located with an XOR operation with the newly generated random number. Can be used.

The hash value is also all hash values from the RAM memory of the microcontroller of the sensor node consisting of the proof code, the firmware code and the blank area to the programmable flash memory of the data area and the blank area.

Further, the verifying step compares the hash value transmitted from the sensor node with a hash value calculated using memory information of the sensor node owned by the base station, and if the two hash values do not match, the base station. The method may further include determining that the sensor node is contaminated or illegally modified by an attacker, and notifying the sensor node to other sensor nodes.

In addition, when the response time of the sensor node exceeds a predetermined reference time, the base station further determines that the sensor node is contaminated or illegally modified by an attacker, and further including the step of notifying to other sensor nodes. In this case, the predetermined reference time is preferably 15 seconds.

According to the preceding code-verification method using the memory space deletion in the wireless sensor network according to the present invention having the above-described configuration, it operates in a very simple manner but finds a malicious code in the sensor node without relying on accurate time information. It can work.

Hereinafter, with reference to the accompanying drawings will be described an embodiment of the present invention; First, it should be noted that the same components or parts in the drawings represent the same reference numerals as much as possible. In describing the present invention, detailed descriptions of related well-known functions or configurations are omitted in order not to obscure the gist of the present invention.

1 is a diagram illustrating a notation used in the present invention, FIG. 2 conceptually illustrates a memory of a sensor node, where Mem ¹ is a RAM of a microcontroller and Mem ⁱ is a programmable flash memory. It is a degree. 3A to 3C schematically show a process of filling an empty memory space of a target node in the operation step of the present invention, and FIG. 4 shows a Fill_Memory (n) algorithm for executing the process of FIGS. 3A to 3C. FIG. 5 is a diagram showing an example of mixing represented by MIXED_MEM using SHA-1, FIG. 6 is a diagram conceptually illustrating changes in memory contents before and after the Fill_Memory (n) algorithm, and FIG. 8 is a flowchart illustrating a preceding code-verification method according to the present invention. FIG. 8 is a flowchart illustrating the preceding code-verification method according to the present invention. FIG. 9 is a difference between the total operation time of a normal verification method and the total operation time of an attack code. Is a graph.

First, in this specification, it is assumed that the verifier has a copy of the memory contents of a target sensor node (hereinafter, referred to as a target node). Each entity distributes key pairs to establish a secure communication channel between each other. This key pair can be set by a random key pre-distribution method or the like. And, it is assumed that the verification code that can be executed remotely by the verifier is loaded in the memory of the target node. The attacker has full control over the memory access of the captured node. However, the possibility of modification to other hardware structures means that an attacker can use external resources, and thus are not discussed in the present specification. Programmable flash memory is assumed to have no free space unless there is a specific purpose. It also assumes that nodes do not support virtual memory and cannot run code directly on data storage.

The most primitive method of verification is to compare the actual memory contents of the target node with the memory contents that it knows. In this method, the verifier first sends a message requesting the verification of the target node. The target node then executes the attestation code in its memory. This verification code accesses the memory contents of the node and sends the contents to the verifier. Finally, the verifier compares the received content with its own copy and determines whether the target node is infected.

However, by using the following attack method, an attacker can easily avoid malicious code modified inside the captured node by this primitive verification method. First, the attacker places an attack code in the free space of the sensor node that contains valid information about the original memory contents. And instead of accessing the actual memory contents, the verification code in the node is modified to access valid information that has been planted. The attestation code would then send the valid memory information before the node was attacked, rather than the information of the maliciously modified firmware. As a result, the verifier cannot accurately verify whether the target node is infected.

To solve this problem, the present specification proposes a new method for the software-based verification method. The basic principle of the method according to the present invention is to pass the value of the entire memory contents after preventing the malicious code from leaving space in the target node's memory whenever a validator requests.

A WSN (Wireless Sensor Network) typically consists of a large number of sensors and several base stations. Base stations have enough resources to handle multiple tasks simultaneously, while sensor nodes have very limited resources, such as small memory size, low battery capacity, and narrow radio range.

In this specification, notation as shown in FIG. 1 is used.

Sensor nodes have several types of memory. The MICA mote, developed by UC Berkeley, for example, has 4kB of fixed RAM, 128kB programmable flash memory and 4Mbit external flash memory. Most sensor node structures are similar to the MICA mote. In the present specification, the SRAM of the microcontroller is denoted by Mem ¹ . The other Mem ⁱ represents flash program memory or external data storage. Usually only one programmable flash memory is built into the sensor node's microcontroller and the external data store is an EEPROM. In this specification, an attack using an external data store is not considered. The reason for this is that the access time is too long to be used for attack purposes and can be easily discovered. After the sensor node is deployed, the proof code V and firmware code C will reside in Mem ¹ while the node is operating. Since Mem ¹ has each data part D ⁱ , the total data of one node is D = {D ⁱ } ^Λ _{i = 1} . Here, Λ means the total number of memories of one sensor node. 2 conceptually illustrates such a memory.

1. Request step ( S10 )

In the preceding code-verification method according to the present invention, first, in the requesting step (S10) for verifying the memory contents of the target node, the base station as the verifier is a request message header (Req) and the ID (ID _BS ) of the base station, and The ID _BS and a nonce n are encrypted with a secure key (K _{IDBS , mode} ) distributed between the base station and the target node _, and all three messages are transmitted to the target node.

Then, the target node decrypts the encrypted message to receive the three messages, and compares the encrypted message with the ID of the base station to determine whether the message is legitimate. By doing so, an attacker may not know the distributed security key (K _{IDBS , mode} ), and the attacker cannot disguise as a base station, thereby preventing a denial of service against a specific node. .

2. Calculation step ( S20 )

In the computation of the target node following the requestor's request phase, the target node generates a random number with the nonce as the seed. The empty area of the memory in the target node is filled with a bit string that is a result of a specific algorithm using the generated random number (S20). S ⁱ _e , the size of the free space of Mem ⁱ , means the size of the free memory area excluding the authentication code, firmware code, and data area. This can be calculated as follows.

Formula (1): S ⁱ _e = S ⁱ -(S ⁱ _v + S ⁱ _c + S ⁱ _d )

The algorithm used in this step fills the free space of memory with XOR of two random values. First, the random number fills S ⁱ _e . When the random sequence fills the empty memory space, it operates in the opposite direction and overwrites the existing random number space with an XOR operation with the newly generated random number.

The input value of the hash function used in the algorithm uses a previously filled memory value of 512-bits. 3A to 3C illustrate an example of the algorithm operation. 3A conceptually illustrates a process of starting to fill a random number in an empty space of a memory, and FIG. 3B illustrates a process of operating in the opposite direction when the random number sequence meets an end of the memory space. 3C illustrates a process of overwriting an existing random number space with an XOR operation with a newly generated random number.

However, before this algorithm runs until the fourth round, there are no 512-bits of memory value for hash input, so the random number in the first round is generated only from seed n and from the second to fourth rounds. The operation takes as input the value that fills the empty part of the memory value with zero. In this algorithm of the verification step, Fill_Memory (n) is as shown in FIG.

3. Response step ( S30 )

Next, in the response step of the target node, the node transmits the hash value of its entire memory as a response to the base station as the verifier (S30). This hash value is h (MIXED_MEM∥D) from Mem ¹ to Mem ⁱ . Where MIXED_MEM is a column of memory values that read V∥C∥FMn according to certain rules. In addition, FMn here means Fill_Memory (n). The specific rule sequentially executes a reading scheme by skipping blocks corresponding to the output size of the random number generator used in the operation step. This hybridization, expressed as MIXED_MEM, prevents the hash of the entire FMn from being copied in advance, for example by using another node captured by an attacker. 5 shows an example illustrating this point.

Since the base station does not know the data D temporarily stored by the node, the node generally has to send the data D to the base station before the proof phase. Then, all spaces except for the verification code (V) and the firmware code (C) in the memory of the target node are filled with random numbers, and the response is made with a hash value of the memory. At the end of the response phase, the base station must return the data it has stored back to its original node.

However, this approach is burdensome for two reasons, the first being due to the limited battery capacity of the node. The node consumes energy twice because it needs to transmit and receive data (D). As a result, the node deletes its original data (D) for verification, and wastes unnecessary energy to get it back after verification. Another reason is the unnecessary increase in proof time.

In the method according to the invention the node does not have to receive the data D again. In the response phase, the node only needs to send data to the base station along with the hash value. The base station then knows the data (D) together with the verification code (V) and firmware code (C) of the target node.

4. Verification step ( S40 )

Finally, in the verifying step of the verifier, the base station compares the hash value received from the target node with the hash value calculated by the memory information of the target node (S40). If the two do not match, the base station will finally determine that the target node has been compromised or illegally modified by the attacker, and will notify the other nodes.

Alternatively, if the response time of the target node exceeds the predetermined reference time, the base station may determine that the target node has been contaminated or illegally modified by an attacker, and may notify other sensor nodes. Here, the predetermined reference time is preferably 15 seconds when SHA-1 is used as a hash operator in a sensor node using an ATmega128 microcontroller.

6 briefly shows the situation before and after the operation step of the method according to the invention. If the target node is not contaminated, the node will send a valid value that hashes the entire memory image, and the attack code will be overwritten because the random number is filled, even if the target node is contaminated and the attacker has planted an attack code to respond to the valid value. do. As a result, the compromised node is no longer able to send valid values to the verifier base station. 7 is an overall conceptual diagram of four steps of the method described so far, and FIG. 8 is a flowchart of a preceding code-verification method according to the present invention.

[Technical Advantages of the Invention]

1. Time insensitive verification

SWATT in WSN requires careful measurement of computation time in detecting malicious code. If a node uses a more powerful microprocessor, it needs more iterations of verification to amplify the difference in computation time.

This also means that the node will consume a lot of energy. SWATT is also hard to account for unforeseen time delays. If the network latency is considered, the attacker can cause the verifier to recognize the increase in computation time required for the attack as the network latency. So SWATT in WSN should be used very carefully.

On the other hand, the code-verification method according to the present invention does not require accurate measurement of this computation time. Instead, it requires memory space for accurate response. If the sensor node has a lot of memory space, it needs time to fill the empty memory space. In the present invention, by providing an appropriate response time limit in which the verification operation time and the network delay time are proportional to the size of the memory, various attacks to be described later can be prevented. In addition, the method according to the present invention provides a time-based flexibility because the effect of network latency on determining whether a target node is infected is insignificant.

2. Replay Attack Defense

Nodes contaminated by the attacker can attack again. This node can eavesdrop on valid messages previously used in other nodes' verification procedures. However, since the method according to the present invention is basically a challenge-and-response method, even if an attacker acquires a session key between another node and the verifier, a retransmission attack is impossible due to the nature of the nonce.

In the challenge-and-response approach, if an attacker knows a secret between two entities, he can easily succeed by sending a response message that computes this secret. In this method, the secret is the code itself. In fact, attacks on this protocol seem easy because the code can be easily exposed to attackers. However, in the method of the present invention, the attacker cannot have a memory space to hold both malicious code and normal code. Therefore, it is not possible to derive a valid response using nonce at the contaminated node.

3. Attacks and their defenses that calculate the required random number blocks

이기 때문에 시드로부터

번의 계산 값으로 볼 수 있다. 여기서 S_ho는 해쉬 함수의 출력 값의 크기이고 ∥는 특정 메모리의 크기를 나타낸다. (해쉬 함수가 SHA-1이라면 S_ho는 160이 되고, MD5라면 128이 된다.) 빈 메모리 영역은 Fill_Memory(n)가 동작하는 동안 난수 값을 두 번 채우게 됨을 상기하라. 또한, 유사하게 (n-1)번째 블록도 생성할 수 있다.Another attack method is to generate a block of random sequences at the time needed for malicious code to compute a hash value in the proof and response phases. Given n is the number of free memory blocks, the nth block

From the seed

It can be seen as the calculated value of times. Where S _ho is the size of the output of the hash function and ∥ is the size of a particular memory. (If the hash function is SHA-1, S _ho is 160, and if it is MD5, it is 128.) Recall that an empty memory area fills a random number twice during Fill_Memory (n). Similarly, the (n-1) th block can also be generated.

If we assume that the total memory length is significantly larger than the attack code, then the attack code is at least 20 times (SHA-1) to 16 times (MD5) compared to when the normal code is verified in the memory location where it resides. Hash operation will be performed. However, since the ratio of the total memory length to the length of the attack code is larger than the above assumption, it can be predicted that more time is required.

4. Performance Analysis of the Proof Mechanism

In the code-verification method according to the present invention, the total execution time T is calculated as follows.

Equation (2):

Here, Tr is the time required for random number generation and T ⁱ _a is the access time of Mem ⁱ . Currently, most types of sensor nodes are Mem ¹ , Mem ² , Mem ³ Mem1 is SRAM, Mem ² is programmable flash memory, and Mem ³ is external EEPROM. Table 1 below shows the hardware platform of the sensor node.

Table 1. Hardware Platforms for Sensor Nodes

Sensor MICA MICA2 Dot MICA2 Telos Microprocessor ATmega128 MSP430F1611 Word size 8-bit 16-bit Clock cycle 16 MHz 8 MHz SRAM size 4kB 10 kB Flash size 128 kB 48 kB MIPS 16 8

If, as we assume earlier, the administrator has not already left empty space in the flash memory, the write time of the EEPROM is very slow, so only the SRAM needs to be filled with random values when using the method of the present invention. In some types of sensor nodes, the external EEPROM is several megabits in size. And it takes thousands of seconds to fill this EEPROM. For example, if the size of the EEPROM is 4Mbit and the write time is 1ms per bit, the total write time is 1 hour 8 minutes 16 seconds. On the other hand, the write time of the SRAM is so fast that it can be ignored.

As mentioned above, the execution time of this method can be calculated only by the number of hash operations, so Equation (2) can be rewritten as follows.

Equation (3): T = T _h + T _r × S ¹ _E

When U _f is the number of hash rounds when filling the empty memory space, and δ is one round of execution time, T _r × S ¹ _E can be rewritten as U _f × δ. In addition, U _f can be calculated by the following equation.

Equation (4): U _f = [| SRAM | / S _ho ]

If U _r is the number of hash rounds in the response phase,

Equation (5): U _r = [(| SRAM | + | Flash |) / S _hi ] + 1

S _hi is the magnitude of the input value in one round of the hash function. (Usually S _hi is 512. +1 is added because there is an initial padding operation in the hash function.) Therefore, T _h can also be expressed as U _f × δ. Finally, T is Table 2 below shows round times and the number of hash rounds required (* is an estimate).

Equation (6): T = U _r × δ + U _f × δ = (U _r + U _f ) × δ

Table 2. Round time and number of hash rounds required (* is an estimate)

Microprocessor Round time (δ) Number of rounds (U _f ) Number of rounds (U _r ) ATmega128 (SHA-1) (MD5)  3636㎲ 1473㎲  205 256  2112 (+1) 2112 (+1) MSP430F1611 (SHA-1) (MD5)  * 7272㎲ * 2946㎲  512 640  928 (+1) 928 (+1)

The run time δ of the round at ATmega128 was 3636 ms in SHA-1 and 1473 ms in MD5 (P. Ganesan, R Venugopalan, P. Peddabachagari, A. Dean, F. Mueller, M. Sichitiu "Analyzing and Modeling Encryption Overhead for Sensor Network Nodes. "In WSNA'03, September 19, 2003, San Diego, California, USA. ACM Press). By comparing the respective MIPS, δ of ATmega163 and MSP430F1611 was estimated by the value of ATmega128.

Table 3 shows the runtime on each microprocessor. As shown in this table, execution time varies greatly from about 1 to 10 seconds depending on the microprocessor. Therefore, when setting the response latency from the node, this estimated execution time should be fully reflected along with the network delay time.

[Table 3] Time required for hash operation

Microprocessor Time (U _f × δ) Time (U _r × δ) Total time (T) ATmega128 (SHA-1) (MD5)  0.745s 0.377s  7.863s 3.112s  8.428s 3.489s MSP430F1611 (SHA-1) (MD5)  3.723s 1.855s  6.756s 2.737s  10.479 s 4.622 s

5. Performance Analysis of Attack Model

The attack model mentioned in 3 above is analyzed. Recall that an attacker must generate a block value consisting of random values when the hash function requires it in the response phase. The total computation time an attacker must perform to hide his code is as follows:

Equation (7): Ta = T '+ U _a × δ

U _a is the total number of hash rounds an attacker needs to generate a valid response. Assuming the total length of the attack code is 20-block, Table 4 below is an approximation of the total execution time of the attack model.

[Table 4] Time required for attack code hash operation

Microprocessor Round (U _a ) Time (U _a × δ) Total time of attack code (T ') ATmega128 (SHA-1) (MD5)  3600 2800  13.089 s 4.242 s  22.262s 8.128s MSP430F1611 (SHA-1) (MD5)  3600 2800  26.179s 8.484s  40.381s 14.991s

9 shows the difference between the total operation time of the normal verification method and the total operation time of the attack code. In Figure 9 it can be seen that the time of attack code is at least twice that of normal. This means that the verifier can get enough time difference to distinguish the normal node from the malicious node despite the unexpected time delay such as network traffic.

According to the preceding code-verification method using memory space deletion in the wireless sensor network of the present invention, it operates in a very simple manner but is effective in detecting malicious code in the sensor node without relying on accurate time information. Due to the nature of this method, the challenge-response method between the prover and the target node can be easily converted into a manner in which the node and the node play the roles of the prover and the target node. The present invention proposes such a node-to-node authentication method, and in particular, the node-to-node authentication method is extended to perform a function of excluding a captured node in a network by linking each node without relaying a base station. can do. Extending the method to the node-to-node method, even in the absence of a base station, it is possible to pre-verify nodes suspected to have been modified by an attacker and properly remove them before taking action to damage the network. It is also possible to devise a group code-verification method that proves the code of nodes in a particular group through appropriate modification of the method.

As described above with reference to the drawings illustrating a preceding code-verification method using memory space deletion in the wireless sensor network according to the present invention, the present invention is limited by the embodiments and drawings disclosed in this specification. Of course, various modifications may be made by those skilled in the art within the technical scope of the present invention.

1 is a view showing a description of the notation used in the present invention,

2 is a diagram conceptually illustrating a memory of a sensor node, where Mem ¹ is a RAM of a microcontroller and Mem ⁱ is a programmable flash memory.

3A to 3C are schematic diagrams illustrating a process of filling an empty memory space of a target node in an operation step of the present invention;

FIG. 4 is a diagram illustrating a Fill_Memory (n) algorithm for executing the process of FIGS. 3A to 3C.

FIG. 5 is a diagram illustrating an example of mixing represented by MIXED_MEM using SHA-1; FIG.

6 conceptually illustrates changes in memory contents before and after the Fill_Memory (n) algorithm;

7 shows diagrammatically a preceding code-verification method according to the invention,

8 is a flowchart illustrating a preceding code-verification method according to the present invention;

9 is a graph showing the difference between the total operation time of the normal verification method and the total operation time of the attack code.

Claims (9)

The sensor, the base station as a verifier, encrypts the request message header (Req), the ID of the base station (ID _BS ), and all three messages by encrypting the ID and nonce (n) with a security key distributed between the base station and the sensor node. Requesting to send to the node; Generating a random number using the nonce as a seed and filling the random number with an empty area of a memory in the sensor node; A response step of the sensor node transmitting the hash value of its entire memory to the base station in response; And a verification step of comparing the hash value transmitted from the sensor node with a hash value calculated from memory information of the sensor node owned by the base station. The requesting step may further include determining whether the message is legitimate by comparing the ID of the base station by decrypting the encrypted message after receiving the three messages. A preceding code-verification method using memory space deletion. delete The method of claim 1, And a free area of the memory is a memory area excluding a proof code, a firmware code, and a data area in the memory. The method of claim 1, And wherein said calculating step fills a free area of memory in said sensor node with an XOR operation of two random values. The method of claim 4, wherein The calculating step may include filling an empty area of the memory in the sensor node with an XOR operation of two random values, and then operating in the opposite direction, overwriting the existing random number space with an XOR operation with the newly generated random number. A code-verification method using memory space deletion in a wireless sensor network. The method of claim 1, The hash value is a wireless value, characterized in that all the hash value from the RAM (RAM) memory of the microcontroller of the sensor node consisting of the authentication code, firmware code and the free area to the programmable flash memory consisting of the data area and the blank area. A preceding code-verification method using memory space deletion in sensor network. The method of claim 1, The verifying step compares the hash value transmitted from the sensor node with a hash value calculated using memory information of the sensor node owned by the base station, and if the two hash values do not match, the base station determines the sensor. And determining that the node has been contaminated or illegally modified by an attacker and notifying the other sensor nodes to the other sensor nodes. The method of claim 1, If the response time of the sensor node exceeds a predetermined reference time, the base station further determines that the sensor node is contaminated or illegally modified by an attacker, and further comprising the step of notifying to other sensor nodes A code-verification method using memory space deletion in a wireless sensor network. The method of claim 8, The predetermined reference time is 15 seconds. The preceding code-verification method using memory space deletion in a wireless sensor network.

Images