KALwEN: A New Practical and Interoperable Key Management Scheme for Body Sensor Networks

Key management is the pillar of a security architecture. Body sensor networks(BSNs) pose several challenges -- some inherited from wireless sensor networks(WSNs), some unique to themselves -- that require a new key management scheme to be tailor-made. The challenge is taken on, and the result is KALwEN, a new lightweight scheme that combines the best-suited cryptographic techniques in a seamless framework. KALwEN is user-friendly in the sense that it requires no expert knowledge of a user, and instead only requires a user to follow a simple set of instructions when bootstrapping or extending a network. One of KALwEN's key features is that it allows sensor devices from different manufacturers, which expectedly do not have any pre-shared secret, to establish secure communications with each other. KALwEN is decentralized, such that it does not rely on the availability of a local processing unit (LPU). KALwEN supports global broadcast, local broadcast and neighbor-to-neighbor unicast, while preserving past key secrecry and future key secrecy. The fact that the cryptographic protocols of KALwEN have been formally verified also makes a convincing case

A Robot-Sensor Network Security Architecture for Monitoring Applications

This paper presents SNSR (Sensor Network Security using Robots), a novel, open, and flexible architecture that improves security in static sensor networks by benefiting from robot-sensor network cooperation. In SNSR, the robot performs sensor node authentication and radio-based localization (enabling centralized topology computation and route establishment) and directly interacts with nodes to send them configurations or receive status and anomaly reports without intermediaries. SNSR operation is divided into stages set in a feedback iterative structure, which enables repeating the execution of stages to adapt to changes, respond to attacks, or detect and correct errors. By exploiting the robot capabilities, SNSR provides high security levels and adaptability without requiring complex mechanisms. This paper presents SNSR, analyzes its security against common attacks, and experimentally validates its performance

Solutions and Tools for Secure Communication in Wireless Sensor Networks

Secure communication is considered a vital requirement in Wireless Sensor Network (WSN) applications. Such a requirement embraces different aspects, including confidentiality, integrity and authenticity of exchanged information, proper management of security material, and effective prevention and reaction against security threats and attacks. However, WSNs are mainly composed of resource-constrained devices. That is, network nodes feature reduced capabilities, especially in terms of memory storage, computing power, transmission rate, and energy availability. As a consequence, assuring secure communication in WSNs results to be more difficult than in other kinds of network. In fact, trading effectiveness of adopted solutions with their efficiency becomes far more important. In addition, specific device classes or technologies may require to design ad hoc security solutions. Also, it is necessary to efficiently manage security material, and dynamically cope with changes of security requirements. Finally, security threats and countermeasures have to be carefully considered since from the network design phase. This Ph.D. dissertion considers secure communication in WSNs, and provides the following contributions. First, we provide a performance evaluation of IEEE 802.15.4 security services. Then, we focus on the ZigBee technology and its security services, and propose possible solutions to some deficiencies and inefficiencies. Second, we present HISS, a highly scalable and efficient key management scheme, able to contrast collusion attacks while displaying a graceful degradation of performance. Third, we present STaR, a software component for WSNs that secures multiple traffic flows at the same time. It is transparent to the application, and provides runtime reconfigurability, thus coping with dynamic changes of security requirements. Finally, we describe ASF, our attack simulation framework for WSNs. Such a tool helps network designers to quantitatively evaluate effects of security attacks, produce an attack ranking based on their severity, and thus select the most appropriate countermeasures

Two-Hop Monitoring Mechanism Based on Relaxed Flow Conservation Constraints against Selective Routing Attacks in Wireless Sensor Networks

In this paper, we investigate the problem of selective routing attack in wireless sensor networks by considering a novel threat, named the upstream-node effect, which limits the accuracy of the monitoring functions in deciding whether a monitored node is legitimate or malicious. To address this limitation, we propose a one-dimensional one-class classifier, named relaxed flow conservation constraint, as an intrusion detection scheme to counter the upstream node attack. Each node uses four types of relaxed flow conservation constraints to monitor all of its neighbors. Three constraints are applied by using one-hop knowledge, and the fourth one is calculated by monitoring two-hop information. The latter is obtained by proposing two-hop energy-efficient and secure reporting scheme. We theoretically analyze the security and performance of the proposed intrusion detection method. We also show the superiority of relaxed flow conservation constraint in defending against upstream node attack compared to other schemes. The simulation results show that the proposed intrusion detection system achieves good results in terms of detection effectiveness

Improving the security of wireless sensor networks

With the rapid technological advancements of sensors, Wireless Sensor Networks (WSNs) have become the main technology for the Internet of Things (IoT). We investigated the security of WSNs in an environmental monitoring system with the goal to improve the overall security. We implemented a Secure Temperature Monitoring System (STMS), which served as our investigational environment. Our results revealed a security flaw found in the bootstrap loader (BSL) password used to protect firmware in the MSP430 MCU chips. We demonstrated how the BSL password could be brute forced in a matter of days. Furthermore, we illustrate how an attacker can reverse engineer firmware and obtain copies of cryptographic keys. We contributed a solution to improve the BSL password and better protect firmware found in the MSP430 chips. The Secure-BSL software we contributed allows the randomization of the BSL password. Our solution increases the brute force time to decades. The impractical brute force time improves the security of firmware and prevents future reverse engineering tactics. In addition, our Secure-BSL software supports two-factor authentication that allows developers to specify a user-defined passphrase to further protect the MSP430 MCU. Our research serves as proof that any security implemented in a WSN environment is broken if an attacker has access to firmware found in sensor devices

Location dependent key management schemes supported by random selected cell reporters in wireless sensor networks

PhD ThesisIn order to secure vital and critical information inside Wireless Sensor Net- works (WSNs), a security requirement of data con dentiality, authenticity and availability should be guaranteed. The leading key management schemes are those that employ location information to generate security credentials. Therefore, this thesis proposes three novel location-dependent key manage- ment schemes. First, a novel Location-Dependent Key Management Protocol for a Single Base Station (LKMP-SBS) is presented. As a location-dependent scheme, the WSN zone is divided virtually into cells. Then, any event report generated by each particular cell is signed by a new type of endorsement called a cell- reporter signature, where cell-reporters are de ned as a set of nodes selected randomly by the BS out of the nodes located within the particular cell. This system is analysed and proved to outperform other schemes in terms of data security requirements. Regarding the data con dentiality, for three values of z (1,2,3) the improvement is 95%, 90% and 85% respectively when 1000 nodes are compromised. Furthermore, in terms of data authenticity an enhancement of 49%, 24%, 12.5% is gained using our approach with z = 1; 2; 3 respectively when half of all nodes are compromised. Finally, the optimum number of cell reporters is extensively investigated related to the security requirements, it is proven to be z = n 2 . The second contribution is the design of a novel Location-Dependent Key Man- agement Protocol for Multiple Base Stations (LKMP-MBS). In this scheme, di erent strategies of handling the WSN by multiple BSs is investigated. Ac- cordingly, the optimality of the scheme is analysed in terms of the number of cell reporters. Both data con dentiality and authenticity have been proven to be / e / 1 N . The optimum number of cell reporters had been calculated as zopt = n 2M , PM `=1 jz(`) optj = n 2M . Moreover, the security robustness of this scheme is analysed and proved to outperform relevant schemes in terms of data con- dentiality and authenticity. Furthermore, in comparison with LKMP-SBS, the adoption of multiple base stations is shown to be signi cantly important in improving the overall system security. The third contribution is the design of the novel Mobility- Enabled, Location- dependant Key Managment Protocol for Multiple BSs (MELKMP-MBS). This scheme presents a key management scheme, which is capable of serving a WSN with mobile nodes. Several types of handover are presented in order to main- tain the mobile node service availability during its movement between two zones in the network. Accordingly, the communication overhead of MELKMP- MBS is analysed, simulated and compared with the overhead of other schemes. Results show a signi cant improvement over other schemes in terms of han- dover e ciency and communication over head. Furthermore, the optimality of WSN design such as the value of N; n is investigated in terms of communi- cation overhead in all protocols and it is shown that the optimum number of nodes in each cell, which cause the minimum communication overhead in the network , is n = 3 p 2N.Ministry of Higher Education and Scienti c Research in Iraq and the Iraqi Cultural Attach e in Londo

Efficient Passive Clustering and Gateways selection MANETs

Passive clustering does not employ control packets to collect topological information in ad hoc networks. In our proposal, we avoid making frequent changes in cluster architecture due to repeated election and re-election of cluster heads and gateways. Our primary objective has been to make Passive Clustering more practical by employing optimal number of gateways and reduce the number of rebroadcast packets

Emerging Communications for Wireless Sensor Networks

Wireless sensor networks are deployed in a rapidly increasing number of arenas, with uses ranging from healthcare monitoring to industrial and environmental safety, as well as new ubiquitous computing devices that are becoming ever more pervasive in our interconnected society. This book presents a range of exciting developments in software communication technologies including some novel applications, such as in high altitude systems, ground heat exchangers and body sensor networks. Authors from leading institutions on four continents present their latest findings in the spirit of exchanging information and stimulating discussion in the WSN community worldwide

Peer production of Open Hardware: Unfinished artifacts and architectures in the hackerspaces

The dissertation adopts the theoretical framework of peer production to investigate the phenomena of open collaboration in hacker clubs through two case studies of small scale electronic artefacts. A critique of current theories of peer production is developed from a Science and Technology Studies point of view, arguing for the primacy of social constructivism over technological determinist narratives about the role of ICTs in late capitalism in general and hacker culture in particular. Properties of disruptive novelty and spontaneous emergence routinely attributed to ICTs – and by extension to the peer production practices of hackers – are approached sceptically with a historically informed ethnographic method that concentrates on continuities and contexts.La tesis adopta el marco teórico de la producción entre iguales para investigar los fenómenos de colaboración abierta en los clubs de hackers, a través de dos estudios de caso sobre artefactos electrónicos de pequeña escala. Se desarrolla una crítica de las teorías actuales sobre la producción entre iguales desde el punto de vista de los Estudios de Ciencia y Tecnología, defendiendo la primacía de la visión constructivista social por encima de las narrativas deterministas tecnológicas en el papel de las TIC en el capitalismo tardío, en general, y en la cultura hacker en particular. Nociones como la novedad perturbadora y la aparición espontánea, atribuidas habitualmente a las TIC y, por extensión, a las prácticas de producción entre iguales de los hackers, se tratan con escepticismo mediante un método etnográfico históricamente informado, que se concentra en las continuidades y contextos.La tesi adopta el marc teòric de la producció entre iguals per investigar els fenòmens de col·laboració oberta als clubs de hackers, a través de dos estudis de cas sobre artefactes electrònics de petita escala. S’hi desenvolupa una crítica de les teories actuals sobre la producció entre iguals des del punt de vista dels Estudis de Ciència i Tecnologia, defensant la primacia de la visió constructivista social per sobre de les narratives deterministes tecnològiques en el paper de les TIC en el capitalisme tardà, en general, i en la cultura hacker en particular. Nocions com la novetat pertorbadora i l’aparició espontània, atribuïdes habitualment a les TIC i, per extensió, a les pràctiques de producció entre iguals dels hackers, es tracten amb escepticisme mitjançant un mètode etnogràfic històricament informat, que es concentra en les continuïtats i els contextos.Societat de la informació i el coneixemen