Key management for wireless sensor network security

Wireless Sensor Networks (WSNs) have attracted great attention not only in industry but also in academia due to their enormous application potential and unique security challenges. A typical sensor network can be seen as a combination of a number of low-cost sensor nodes which have very limited computation and communication capability, memory space, and energy supply. The nodes are self-organized into a network to sense or monitor surrounding information in an unattended environment, while the self-organization property makes the networks vulnerable to various attacks.Many cryptographic mechanisms that solve network security problems rely directly on secure and efficient key management making key management a fundamental research topic in the field of WSNs security. Although key management for WSNs has been studied over the last years, the majority of the literature has focused on some assumed vulnerabilities along with corresponding countermeasures. Specific application, which is an important factor in determining the feasibility of the scheme, has been overlooked to a large extent in the existing literature.This thesis is an effort to develop a key management framework and specific schemes for WSNs by which different types of keys can be established and also can be distributed in a self-healing manner; explicit/ implicit authentication can be integrated according to the security requirements of expected applications. The proposed solutions would provide reliable and robust security infrastructure for facilitating secure communications in WSNs.There are five main parts in the thesis. In Part I, we begin with an introduction to the research background, problems definition and overview of existing solutions. From Part II to Part IV, we propose specific solutions, including purely Symmetric Key Cryptography based solutions, purely Public Key Cryptography based solutions, and a hybrid solution. While there is always a trade-off between security and performance, analysis and experimental results prove that each proposed solution can achieve the expected security aims with acceptable overheads for some specific applications. Finally, we recapitulate the main contribution of our work and identify future research directions in Part V

A Survey on Wireless Sensor Network Security

Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed nature of these networks and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. This problem is more critical if the network is deployed for some mission-critical applications such as in a tactical battlefield. Random failure of nodes is also very likely in real-life deployment scenarios. Due to resource constraints in the sensor nodes, traditional security mechanisms with large overhead of computation and communication are infeasible in WSNs. Security in sensor networks is, therefore, a particularly challenging task. This paper discusses the current state of the art in security mechanisms for WSNs. Various types of attacks are discussed and their countermeasures presented. A brief discussion on the future direction of research in WSN security is also included.Comment: 24 pages, 4 figures, 2 table

Distributed storage protection in wireless sensor networks

With reference to a distributed architecture consisting of sensor nodes connected in a wireless network, we present a model of a protection system based on segments and applications. An application is the result of the joint activities of a set of cooperating nodes. A given node can access a segment stored in the primary memory of a different node only by presenting a gate for that segment. A gate is a form of pointer protected cryptographically, which references a segment and specifies a set of access rights for this segment. Gates can be freely transmitted between nodes, thereby granting the corresponding access permissions. Two special node functionalities are considered, segment servers and application servers. Segment servers are used for inter-application communication and information gathering. An application server is used in each application to support key management and rekeying. The rekey mechanism takes advantage of key naming to cope with losses of rekey messages. The total memory requirements for key and gate storage result to be a negligible fraction of the overall memory resources of the generic network node

Key management for beyond 5G mobile small cells: a survey

The highly anticipated 5G network is projected to be introduced in 2020. 5G stakeholders are unanimous that densification of mobile networks is the way forward. The densification will be realized by means of small cell technology, and it is capable of providing coverage with a high data capacity. The EU-funded H2020-MSCA project “SECRET” introduced covering the urban landscape with mobile small cells, since these take advantages of the dynamic network topology and optimizes network services in a cost-effective fashion. By taking advantage of the device-to-device communications technology, large amounts of data can be transmitted over multiple hops and, therefore, offload the general network. However, this introduction of mobile small cells presents various security and privacy challenges. Cryptographic security solutions are capable of solving these as long as they are supported by a key management scheme. It is assumed that the network infrastructure and mobile devices from network users are unable to act as a centralized trust anchor since these are vulnerable targets to malicious attacks. Security must, therefore, be guaranteed by means of a key management scheme that decentralizes trust. Therefore, this paper surveys the state-of-the-art key management schemes proposed for similar network architectures (e.g., mobile ad hoc networks and ad hoc device-to-device networks) that decentralize trust. Furthermore, these key management schemes are evaluated for adaptability in a network of mobile small cells

PalProtect: A Collaborative Security Approach to Comment Spam

Collaborative security is a promising solution to many types of security problems. Organizations and individuals often have a limited amount of resources to detect and respond to the threat of automated attacks. Enabling them to take advantage of the resources of their peers by sharing information related to such threats is a major step towards automating defense systems. In particular, comment spam posted on blogs as a way for attackers to do Search Engine Optimization (SEO) is a major annoyance. Many measures have been proposed to thwart such spam, but all such measures are currently enacted and operate within one administrative domain. We propose and implement a system for cross-domain information sharing to improve the quality and speed of defense against such spam

Adaptation of the human nervous system for self-aware secure mobile and IoT systems

IT systems have been deployed across several domains, such as hospitals and industries, for the management of information and operations. These systems will soon be ubiquitous in every field due to the transition towards the Internet of Things (IoT). The IoT brings devices with sensory functions into IT systems through the process of internetworking. The sensory functions of IoT enable them to generate and process information automatically, either without human contribution or having the least human interaction possible aside from the information and operations management tasks. Security is crucial as it prevents system exploitation. Security has been employed after system implementation, and has rarely been considered as a part of the system. In this dissertation, a novel solution based on a biological approach is presented to embed security as an inalienable part of the system. The proposed solution, in the form of a prototype of the system, is based on the functions of the human nervous system (HNS) in protecting its host from the impacts caused by external or internal changes. The contributions of this work are the derivation of a new system architecture from HNS functionalities and experiments that prove the implementation feasibility and efficiency of the proposed HNS-based architecture through prototype development and evaluation. The first contribution of this work is the adaptation of human nervous system functions to propose a new architecture for IT systems security. The major organs and functions of the HNS are investigated and critical areas are identified for the adaptation process. Several individual system components with similar functions to the HNS are created and grouped to form individual subsystems. The relationship between these components is established in a similar way as in the HNS, resulting in a new system architecture that includes security as a core component. The adapted HNS-based system architecture is employed in two the experiments prove its implementation capability, enhancement of security, and overall system operations. The second contribution is the implementation of the proposed HNS-based security solution in the IoT test-bed. A temperature-monitoring application with an intrusion detection system (IDS) based on the proposed HNS architecture is implemented as part of the test-bed experiment. Contiki OS is used for implementation, and the 6LoWPAN stack is modified during the development process. The application, together with the IDS, has a brain subsystem (BrSS), a spinal cord subsystem (SCSS), and other functions similar to the HNS whose names are changed. The HNS functions are shared between an edge router and resource-constrained devices (RCDs) during implementation. The experiment is evaluated in both test-bed and simulation environments. Zolertia Z1 nodes are used to form a 6LoWPAN network, and an edge router is created by combining Pandaboard and Z1 node for a test-bed setup. Two networks with different numbers of sensor nodes are used as simulation environments in the Cooja simulator. The third contribution of this dissertation is the implementation of the proposed HNS-based architecture in the mobile platform. In this phase, the Android operating system (OS) is selected for experimentation, and the proposed HNS-based architecture is specifically tailored for Android. A context-based dynamically reconfigurable access control system (CoDRA) is developed based on the principles of the refined HNS architecture. CoDRA is implemented through customization of Android OS and evaluated under real-time usage conditions in test-bed environments. During the evaluation, the implemented prototype mimicked the nature of the HNS in securing the application under threat with negligible resource requirements and solved the problems in existing approaches by embedding security within the system. Furthermore, the results of the experiments highlighted the retention of HNS functions after refinement for different IT application areas, especially the IoT, due to its resource-constrained nature, and the implementable capability of our proposed HNS architecture.--- IT-järjestelmiä hyödynnetään tiedon ja toimintojen hallinnassa useilla aloilla, kuten sairaaloissa ja teollisuudessa. Siirtyminen kohti esineiden Internetiä (Internet of Things, IoT) tuo tällaiset laitteet yhä kiinteämmäksi osaksi jokapäiväistä elämää. IT-järjestelmiin liitettyjen IoT-laitteiden sensoritoiminnot mahdollistavat tiedon automaattisen havainnoinnin ja käsittelyn osana suurempaa järjestelmää jopa täysin ilman ihmisen myötävaikutusta, poislukien mahdolliset ylläpito- ja hallintatoimenpiteet. Turvallisuus on ratkaisevan tärkeää IT-järjestelmien luvattoman käytön estämiseksi. Valitettavan usein järjestelmäsuunnittelussa turvallisuus ei ole osana ydinsuunnitteluprosessia, vaan otetaan huomioon vasta käyttöönoton jälkeen. Tässä väitöskirjassa esitellään uudenlainen biologiseen lähestymistapaan perustuva ratkaisu, jolla turvallisuus voidaan sisällyttää erottamattomaksi osaksi järjestelmää. Ehdotettu prototyyppiratkaisu perustuu ihmisen hermoston toimintaan tilanteessa, jossa se suojelee isäntäänsä ulkoisten tai sisäisten muutosten vaikutuksilta. Tämän työn keskeiset tulokset ovat uuden järjestelmäarkkitehtuurin johtaminen ihmisen hermoston toimintaperiaatteesta sekä tällaisen järjestelmän toteutettavuuden ja tehokkuuden arviointi kokeellisen prototyypin kehittämisen ja toiminnan arvioinnin avulla. Tämän väitöskirjan ensimmäinen kontribuutio on ihmisen hermoston toimintoihin perustuva IT-järjestelmäarkkitehtuuri. Tutkimuksessa arvioidaan ihmisen hermoston toimintaa ja tunnistetaan keskeiset toiminnot ja toiminnallisuudet, jotka mall-innetaan osaksi kehitettävää järjestelmää luomalla näitä vastaavat järjestelmäkomponentit. Nä-istä kootaan toiminnallisuudeltaan hermostoa vastaavat osajärjestelmät, joiden keskinäinen toiminta mallintaa ihmisen hermoston toimintaa. Näin luodaan arkkitehtuuri, jonka keskeisenä komponenttina on turvallisuus. Tämän pohjalta toteutetaan kaksi prototyyppijärjestelmää, joiden avulla arvioidaan arkkitehtuurin toteutuskelpoisuutta, turvallisuutta sekä toimintakykyä. Toinen kontribuutio on esitetyn hermostopohjaisen turvallisuusratkaisun toteuttaminen IoT-testialustalla. Kehitettyyn arkkitehtuuriin perustuva ja tunkeutumisen estojärjestelmän (intrusion detection system, IDS) sisältävä lämpötilan seurantasovellus toteutetaan käyttäen Contiki OS -käytöjärjestelmää. 6LoWPAN protokollapinoa muokataan tarpeen mukaan kehitysprosessin aikana. IDS:n lisäksi sovellukseen kuuluu aivo-osajärjestelmä (Brain subsystem, BrSS), selkäydinosajärjestelmä (Spinal cord subsystem, SCSS), sekä muita hermoston kaltaisia toimintoja. Nämä toiminnot jaetaan reunareitittimen ja resurssirajoitteisten laitteiden kesken. Tuloksia arvioidaan sekä simulaatioiden että testialustan tulosten perusteella. Testialustaa varten 6LoWPAN verkon toteutukseen valittiin Zolertia Z1 ja reunareititin on toteutettu Pandaboardin ja Z1:n yhdistelmällä. Cooja-simulaattorissa käytettiin mallinnukseen ymp-äristönä kahta erillistä ja erikokoisuta sensoriverkkoa. Kolmas tämän väitöskirjan kontribuutio on kehitetyn hermostopohjaisen arkkitehtuurin toteuttaminen mobiilialustassa. Toteutuksen alustaksi valitaan Android-käyttöjärjestelmä, ja kehitetty arkkitehtuuri räätälöidään Androidille. Tuloksena on kontekstipohjainen dynaamisesti uudelleen konfiguroitava pääsynvalvontajärjestelmä (context-based dynamically reconfigurable access control system, CoDRA). CoDRA toteutetaan mukauttamalla Androidin käyttöjärjestelmää ja toteutuksen toimivuutta arvioidaan reaaliaikaisissa käyttöolosuhteissa testialustaympäristöissä. Toteutusta arvioitaessa havaittiin, että kehitetty prototyyppi jäljitteli ihmishermoston toimintaa kohdesovelluksen suojaamisessa, suoriutui tehtävästään vähäisillä resurssivaatimuksilla ja onnistui sisällyttämään turvallisuuden järjestelmän ydintoimintoihin. Tulokset osoittivat, että tämän tyyppinen järjestelmä on toteutettavissa sekä sen, että järjestelmän hermostonkaltainen toiminnallisuus säilyy siirryttäessä sovellusalueelta toiselle, erityisesti resursseiltaan rajoittuneissa IoT-järjestelmissä

ICSNC 1: Mobility and Ad Hoc

Page 1. Page 2. ICSNC 1: Mobility and Ad Hoc Energy Aware Topology Management in Ad Hoc Wireless Networks T. Shiv Prakash, GS Badrinath, KR Venugopal and LM Patnaik T Hybrid Agents for Power-Aware Intrusion Detection in Highly Mobile Ad Hoc Networks T. Srinivasan, V. Mahadevan, A. Meyyappan, A. Manikandan, M. Nivedita and N. Pavithra T An Enhanced Gnutella for Ad-Hoc Networks Hyun-Duk Choi, Ho-Hyun Park and Miae Woo T A New EAAODV Routing Protocol Based on Mobile Agent Chenchen Zhao and Zhen Yang T The Case of Multi-Hop Peer-to-Peer Implementation of Mobile Social Applications Panayotis Antoniadis and Costas Courcoubetis T Mobile Agent Communication Scheme: An Evolving Canvas Mâamoun Bernich and Fabrice Mourlin T Page 3. ICSNC 2: High Speed Building High-Performance and Reconfigurable Bandwidth Controllers with Adaptive Clustering

Security protocols suite for machine-to-machine systems

Nowadays, the great diffusion of advanced devices, such as smart-phones, has shown that there is a growing trend to rely on new technologies to generate and/or support progress; the society is clearly ready to trust on next-generation communication systems to face today’s concerns on economic and social fields. The reason for this sociological change is represented by the fact that the technologies have been open to all users, even if the latter do not necessarily have a specific knowledge in this field, and therefore the introduction of new user-friendly applications has now appeared as a business opportunity and a key factor to increase the general cohesion among all citizens. Within the actors of this technological evolution, wireless machine-to-machine (M2M) networks are becoming of great importance. These wireless networks are made up of interconnected low-power devices that are able to provide a great variety of services with little or even no user intervention. Examples of these services can be fleet management, fire detection, utilities consumption (water and energy distribution, etc.) or patients monitoring. However, since any arising technology goes together with its security threats, which have to be faced, further studies are necessary to secure wireless M2M technology. In this context, main threats are those related to attacks to the services availability and to the privacy of both the subscribers’ and the services providers’ data. Taking into account the often limited resources of the M2M devices at the hardware level, ensuring the availability and privacy requirements in the range of M2M applications while minimizing the waste of valuable resources is even more challenging. Based on the above facts, this Ph. D. thesis is aimed at providing efficient security solutions for wireless M2M networks that effectively reduce energy consumption of the network while not affecting the overall security services of the system. With this goal, we first propose a coherent taxonomy of M2M network that allows us to identify which security topics deserve special attention and which entities or specific services are particularly threatened. Second, we define an efficient, secure-data aggregation scheme that is able to increase the network lifetime by optimizing the energy consumption of the devices. Third, we propose a novel physical authenticator or frame checker that minimizes the communication costs in wireless channels and that successfully faces exhaustion attacks. Fourth, we study specific aspects of typical key management schemes to provide a novel protocol which ensures the distribution of secret keys for all the cryptographic methods used in this system. Fifth, we describe the collaboration with the WAVE2M community in order to define a proper frame format actually able to support the necessary security services, including the ones that we have already proposed; WAVE2M was funded to promote the global use of an emerging wireless communication technology for ultra-low and long-range services. And finally sixth, we provide with an accurate analysis of privacy solutions that actually fit M2M-networks services’ requirements. All the analyses along this thesis are corroborated by simulations that confirm significant improvements in terms of efficiency while supporting the necessary security requirements for M2M networks