AEGIS: A Lightweight Firewall for Wireless Sensor Networks

  • Mohammad Sajjad Hossain
  • Vijay Raghunathan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6131)


Firewalls are an essential component in today’s networked computing systems (desktops, laptops, and servers) and provide effective protection against a variety of over-the-network security attacks. With the development of technologies such as IPv6 and 6LoWPAN that pave the way for Internet-connected embedded systems and sensor networks, these devices will soon be subject to (and need to be defended against) similar security threats. As a first step, this paper presents Aegis, a lightweight, rule-based firewall for networked embedded systems such as wireless sensor networks. Aegis is based on a semantically rich, yet simple, rule definition language. In addition, Aegis is highly efficient during operation, runs in a transparent manner from running applications, and is easy to maintain. Experimental results obtained using real sensor nodes and cycle-accurate simulations demonstrate that Aegis successfully performs gatekeeping of a sensor node’s communication traffic in a flexible manner with minimal overheads.


Wireless Sensor Networks Firewall Network Overlay 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Bhatti, S., et al.: MANTIS OS: An embedded multithreaded operating system for wireless micro sensor platforms. Mobile Networks and Applications 10(4), 563–579 (2005)CrossRefGoogle Scholar
  3. 3.
    Buonadonna, P., Hill, J., Culler, D.: Active message communication for tiny networked sensors. In: Proc. of INFOCOM (2001)Google Scholar
  4. 4.
    Chapman, D.B., Zwicky, E.D., Russell, D.: Building internet firewalls. O’Reilly & Associates, Inc., Sebastopol (1995)Google Scholar
  5. 5.
    Dunkels, A.: Full TCP/IP for 8 Bit Architectures. Proc. of MobiSys (May 2003)Google Scholar
  6. 6.
    Dunkels, A., Gronvall, B., Voigt, T.: Contiki-a lightweight and flexible operating system for tiny networked sensors. In: Proc. of the First IEEE Workshop on Embedded Networked Sensors, pp. 455–462 (2004)Google Scholar
  7. 7.
    Dutta, P., Hui, J., Chu, D., Culler, D.: Securing the deluge Network programming system. In: Proc. of IPSN, pp. 326–333 (2006)Google Scholar
  8. 8.
    Gershenfeld, N., Krikorian, R., Cohen, D.: The Internet of Things. Scientific American 291(4), 76–81 (2004)CrossRefGoogle Scholar
  9. 9.
    Gouda, M.G., Liu, X.-Y.A.: Firewall design: consistency, completeness, and compactness. In: Proc. of 24th International Conference on Distributed Computing Systems, pp. 320–327 (2004)Google Scholar
  10. 10.
    Han, C.C., Rengaswamy, R.K., Shea, R., Kohler, E., Srivastava, M.: SOS: A dynamic operating system for sensor networks. In: MobiSys, pp. 163–176 (2005)Google Scholar
  11. 11.
    Hui, J.W., Culler, D.E.: IP is dead, long live IP for wireless sensor networks. In: Proc. of SenSys, pp. 15–28 (2008)Google Scholar
  12. 12.
    Hui, J.W., Culler, D.E.: Extending IP to low-power, wireless personal area networks. IEEE Internet Computing, 37–45 (2008)Google Scholar
  13. 13.
    Karlof, C., Sastry, N., Wagner, D.: TinySec: a link layer security architecture for wireless sensor networks. In: Proc. of SenSys, pp. 162–175 (2004)Google Scholar
  14. 14.
    Kothari, N., Nagaraja, K., Raghunathan, V., Sultan, F., Chakradhar, S.: HERMES: A Software Architecture for Visibility and Control in Wireless Sensor Network Deployments. In: IPSN, pp. 395–406 (2008)Google Scholar
  15. 15.
    Kumar, R., Kohler, E., Srivastava, M.: Harbor: software-based memory protection for sensor nodes. In: Proc. of IPSN, pp. 340–349 (2007)Google Scholar
  16. 16.
    Levis, P., Culler, D.: Mate: A Tiny Virtual Machine for Sensor Networks. In: Proc. of ASPLOS (2002)Google Scholar
  17. 17.
    Levis, P., Patel, N., Culler, D., Shenker, S.: Trickle: A self-regulating algorithm for code propagation and maintenance in wireless sensor networks. In: Proc. of NSDI, vol. 246 (2004)Google Scholar
  18. 18.
    Liu, A.X., Torng, E., Meiners, C.R.: Firewall compressor: An algorithm for minimizing firewall policies. In: INFOCOM, April 2008, pp. 176–180 (2008)Google Scholar
  19. 19.
    Ma, J., et al.: S_Firewall: A Firewall in Wireless Sensor Networks. In: WiCOM, September 2006, pp. 1–4 (2006)Google Scholar
  20. 20.
    Murthy, U., Bukhres, O., Winn, W., Vanderdez, E.: Firewalls for security in wireless networks. In: Proc. of HICSS, vol. 7, p. 672 (1998)Google Scholar
  21. 21.
    Perrig, A., Stankovic, J., Wagner, D.: Security in wireless sensor networks. Commun. ACM 47(6), 53–57 (2004)CrossRefGoogle Scholar
  22. 22.
    Titzer, B.L., Lee, D.K., Palsberg, J.: Avrora: scalable sensor network simulation with precise timing. In: IPSN, pp. 477–482 (April 2005)Google Scholar
  23. 23.
    Werner-Allen, G., Swieskowski, P., Welsh, M.: Motelab: a wireless sensor network testbed. In: Proc. of IPSN, pp. 483–488 (2005)Google Scholar
  24. 24.
    Woo, A., Tong, T., Culler, D.: Taming the underlying challenges of reliable multihop routing in sensor networks. In: Proc. of SenSys, pp. 14–27 (2003)Google Scholar
  25. 25.
    Wood, A.D., Stankovic, J.A.: Denial of service in sensor networks. Computer, 54–62 (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Mohammad Sajjad Hossain
    • 1
  • Vijay Raghunathan
    • 1
  1. 1.School of Electrical and Computer EngineeringPurdue UniversityWest Lafayette

Personalised recommendations