Solutions and Tools for Secure Communication in Wireless Sensor Networks

Secure communication is considered a vital requirement in Wireless Sensor Network (WSN) applications. Such a requirement embraces different aspects, including confidentiality, integrity and authenticity of exchanged information, proper management of security material, and effective prevention and reaction against security threats and attacks. However, WSNs are mainly composed of resource-constrained devices. That is, network nodes feature reduced capabilities, especially in terms of memory storage, computing power, transmission rate, and energy availability. As a consequence, assuring secure communication in WSNs results to be more difficult than in other kinds of network. In fact, trading effectiveness of adopted solutions with their efficiency becomes far more important. In addition, specific device classes or technologies may require to design ad hoc security solutions. Also, it is necessary to efficiently manage security material, and dynamically cope with changes of security requirements. Finally, security threats and countermeasures have to be carefully considered since from the network design phase. This Ph.D. dissertion considers secure communication in WSNs, and provides the following contributions. First, we provide a performance evaluation of IEEE 802.15.4 security services. Then, we focus on the ZigBee technology and its security services, and propose possible solutions to some deficiencies and inefficiencies. Second, we present HISS, a highly scalable and efficient key management scheme, able to contrast collusion attacks while displaying a graceful degradation of performance. Third, we present STaR, a software component for WSNs that secures multiple traffic flows at the same time. It is transparent to the application, and provides runtime reconfigurability, thus coping with dynamic changes of security requirements. Finally, we describe ASF, our attack simulation framework for WSNs. Such a tool helps network designers to quantitatively evaluate effects of security attacks, produce an attack ranking based on their severity, and thus select the most appropriate countermeasures

Software based deployment of encryption keys in wireless sensor networks.

Sensor networks are just in their infancy. Their use will continue to grow as the technology becomes cheaper and more efficient. A current shortcoming with sensor networks is the inability to efficiently provide secure communications. As sensor networks are deployed to monitor and control systems, the security of communications will become a more important. This thesis proposes a new approach to key establishment and renewal through the use of point-to-point keys and software verification and validation to ensure the integrity of two nodes. Sensor networks exist on limited resources, so power efficiency is a concern. The proposed protocol allows for the use of small keys instead of large pre-distributed keys. This thesis explores the design and implementation of a new point-to-point key generation and renewal algorithm. The main contribution is the development of an algorithm that utilizes a software integrity check to ensure the validity of a node. The thesis also utilizes a simulated sensor network to test and validate the new software algorithm

Trust model for certificate revocation in Ad hoc networks

In this paper we propose a distributed trust model for certificate revocation in Adhoc networks. The proposed model allows trust to be built over time as the number of interactions between nodes increase. Furthermore, trust in a node is defined not only in terms of its potential for maliciousness, but also in terms of the quality of the service it provides. Trust in nodes where there is little or no history of interactions is determined by recommendations from other nodes. If the nodes in the network are selfish, trust is obtained by an exchange of portfolios. Bayesian networks form the underlying basis for this model

A key management scheme for heterogeneous sensor networks using keyed-hash chain

We present a suite of key management scheme for heterogeneous sensor networks. In view of different types of communications, a single key can not satisfy various communication requirements. It is necessary to study the establishment and renewal of different types of keys in heterogeneous sensornetworks. In this paper, we propose a new key management scheme which can support five types of communications. Our basic scheme is based on a keyed-hash chain approach. A new cluster mechanism is used to improve the probability of key sharing between sensors and their cluster heads. Different from existing schemes where a node capture attack might lead to the disclosure of several key chains, our method can avoid this drawback through not storing network-wide generating keys inlow-cost sensors. Only pairwise keys involving the compromised node should be deleted in our scheme. It is motivated by the observation that all the information stored on a sensor may be disclosed once the sensor gets compromised. Through the analysis of both security and performance, we show the scheme meets the security requirements

Lightweight cryptography for IoT devices

Tese de Mestrado, Engenharia Informática, 2022, Universidade de Lisboa, Faculdade de CiênciasLightweight cryptography is a field that has been growing fast recently due to the demand for secure Internet of Things (IoT) applications. These algorithms provide se curity for computational power, memory, and energy-constrained devices. In this work, we propose a new protocol based on lightweight cryptography algorithms that enables the generation and distribution of keys for symmetric systems to be used in private communi cations on a wireless sensor network (WSN). The proposed protocol is designed to work in multi-hop communication networks, where nodes out of range of the Base Station can be part of the network, offering the same security mechanisms that a node in the commu nication range of the Base Station has. Experimental results and a detailed comparison with other architectures show how fast and energy-efficient the protocol is, while ensuring a high level of authenticity, confidentiality and integrity

SensoTrust: trustworthy domains in wireless sensor networks

Wireless sensor networks (WSNs) based on wearable devices are being used in a growing variety of applications, many of them with strict privacy requirements: medical, surveillance, e-Health, and so forth. Since private data is being shared (physiological measures, medical records, etc.), implementing security mechanisms in these networks has become a major challenge. The objective of deploying a trustworthy domain is achieving a nonspecific security mechanism that can be used in a plethora of network topologies and with heterogeneous application requirements. Another very important challenge is resilience. In fact, if a stand-alone and self-configuring WSN is required, an autosetup mechanism is necessary in order to maintain an acceptable level of service in the face of security issues or faulty hardware. This paper presents SensoTrust, a novel security model for WSN based on the definition of trustworthy domains, which is adaptable to a wide range of applications and scenarios where services are published as a way to distribute the acquired data. Security domains can be deployed as an add-on service to merge with any service already deployed, obtaining a new secured service

A contrasting look at self-organization in the Internet and next-generation communication networks

This article examines contrasting notions of self-organization in the Internet and next-generation communication networks, by reviewing in some detail recent evidence regarding several of the more popular attempts to explain prominent features of Internet structure and behavior as "emergent phenomena." In these examples, what might appear to the nonexpert as "emergent self-organization" in the Internet actually results from well conceived (albeit perhaps ad hoc) design, with explanations that are mathematically rigorous, in agreement with engineering reality, and fully consistent with network measurements. These examples serve as concrete starting points from which networking researchers can assess whether or not explanations involving self-organization are relevant or appropriate in the context of next-generation communication networks, while also highlighting the main differences between approaches to self-organization that are rooted in engineering design vs. those inspired by statistical physics

Key management for wireless sensor network security

Wireless Sensor Networks (WSNs) have attracted great attention not only in industry but also in academia due to their enormous application potential and unique security challenges. A typical sensor network can be seen as a combination of a number of low-cost sensor nodes which have very limited computation and communication capability, memory space, and energy supply. The nodes are self-organized into a network to sense or monitor surrounding information in an unattended environment, while the self-organization property makes the networks vulnerable to various attacks.Many cryptographic mechanisms that solve network security problems rely directly on secure and efficient key management making key management a fundamental research topic in the field of WSNs security. Although key management for WSNs has been studied over the last years, the majority of the literature has focused on some assumed vulnerabilities along with corresponding countermeasures. Specific application, which is an important factor in determining the feasibility of the scheme, has been overlooked to a large extent in the existing literature.This thesis is an effort to develop a key management framework and specific schemes for WSNs by which different types of keys can be established and also can be distributed in a self-healing manner; explicit/ implicit authentication can be integrated according to the security requirements of expected applications. The proposed solutions would provide reliable and robust security infrastructure for facilitating secure communications in WSNs.There are five main parts in the thesis. In Part I, we begin with an introduction to the research background, problems definition and overview of existing solutions. From Part II to Part IV, we propose specific solutions, including purely Symmetric Key Cryptography based solutions, purely Public Key Cryptography based solutions, and a hybrid solution. While there is always a trade-off between security and performance, analysis and experimental results prove that each proposed solution can achieve the expected security aims with acceptable overheads for some specific applications. Finally, we recapitulate the main contribution of our work and identify future research directions in Part V