Data Centric Storage Technologies: Analysis and Enhancement

This paper surveys the most relevant works of Data Centric Storage (DCS) for Wireless Sensor Networks. DCS is a research area that covers data dissemination and storage inside an ad-hoc sensor network. In addition, we present a Quadratic Adaptive Replication (QAR) scheme for DCS, which is a more adaptive multi-replication DCS system and outperforms previous proposals in the literature by reducing the overall network traffic that has a direct impact on energy consumption. Finally, we discuss the open research challenges for DCS

An Authentication Protocol for Future Sensor Networks

Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. We proved the strength of our protocol with rigorous security analysis and simulated the SMSN and previously proposed schemes in an automated protocol verifier tool. Finally, we compared the computational complexity and communication cost against well-known authentication protocols.Comment: This article is accepted for the publication in "Sensors" journal. 29 pages, 15 figure

Context-aware collaborative storage and programming for mobile users

Since people generate and access most digital content from mobile devices, novel innovative mobile apps and services are possible. Most people are interested in sharing this content with communities defined by friendship, similar interests, or geography in exchange for valuable services from these innovative apps. At the same time, they want to own and control their content. Collaborative mobile computing is an ideal choice for this situation. However, due to the distributed nature of this computing environment and the limited resources on mobile devices, maintaining content availability and storage fairness as well as providing efficient programming frameworks are challenging. This dissertation explores several techniques to improve these shortcomings of collaborative mobile computing platforms. First, it proposes a medley of three techniques into one system, MobiStore, that offers content availability in mobile peer-to-peer networks: topology maintenance with robust connectivity, structural reorientation based on the current state of the network, and gossip-based hierarchical updates. Experimental results showed that MobiStore outperforms a state-of-the-art comparison system in terms of content availability and resource usage fairness. Next, the dissertation explores the usage of social relationship properties (i.e., network centrality) to improve the fairness of resource allocation for collaborative computing in peer-to-peer online social networks. The challenge is how to provide fairness in content replication for P2P-OSN, given that the peers in these networks exchange information only with one-hop neighbors. The proposed solution provides fairness by selecting the peers to replicate content based on their potential to introduce the storage skewness, which is determined from their structural properties in the network. The proposed solution, Philia, achieves higher content availability and storage fairness than several comparison systems. The dissertation concludes with a high-level distributed programming model, which efficiently uses computing resources on a cloud-assisted, collaborative mobile computing platform. This platform pairs mobile devices with virtual machines (VMs) in the cloud for increased execution performance and availability. On such a platform, two important challenges arise: first, pairing the two computing entities into a seamless computation, communication, and storage unit; and second, using the computing resources in a cost-effective way. This dissertation proposes Moitree, a distributed programming model and middleware that translates high-level programming constructs into events and provides the illusion of a single computing entity over the mobile-VM pairs. From programmers’ viewpoint, the Moitree API models user collaborations into dynamic groups formed over location, time, or social hierarchies. Experimental results from a prototype implementation show that Moitree is scalable, suitable for real-time apps, and can improve the performance of collaborating apps regarding latency and energy consumption

Key Management in Wireless Sensor Networks, IP-Based Sensor Networks, Content Centric Networks

Cryptographic keys and their management in network communication is considered the main building block of security over which other security primitives are based. These cryptographic keys ensure the privacy, authentication, integrity and non-repudiation of messages. However, the use of these cryptographic keys and their management in dealing with the resource constrained devices (i.e. Sensor nodes) is a challenging task. A number of key management schemes have been introduced by researchers all over the world for such resource constrained networks. For example, light weight PKI and elliptic curve cryptography schemes are computationally expensive for these resource constrained devices. So far the symmetric key approach is considered best for these constrained networks and different variants of it been developed for these networks (i.e. probabilistic key distribution approach). The probabilistic key distribution approach consumes less memory than the standard symmetric key approach but it suffers from the connectivity issues (i.e. the connectivity depends on the common shared keys between the nodes). Most of those schemes were proposed by considering static sensor networks (e.g. Industrial process monitoring, Environmental monitoring, movement detection in military applications, forests etc.). However, the use of these existing key management schemes for mobile wireless sensor networks applications introduces more challenges in terms of network connectivity, energy consumption, memory cost, communication overhead and protection of key materials against some well known attacks. Keeping these challenges in mind, previous research has proposed some key management schemes considering the mobility scenarios in ad hoc networks and wireless sensor networks (e.g. vehicular networks, health monitoring systems).However these schemes consume more resource because of a much higher communication packet exchange during the handover phase for the authentication of joining and leaving nodes than the static networks where there is no extra communication for the handover and authentication. The motivation of this research work is to investigate and propose new algorithms not only to improve the efficiency of these existing authentication and key management schemes in terms of connectivity, memory and security by considering the mobility scenario in wireless sensor networks, but also to develop new algorithms that suit these constrained networks than the existing schemes. First, we choose the existing key pool approach for authentication and key management and improve its network connectivity and resilience against some well known attacks (e.g. node capturing attacks) while reduce the memory cost by storing those key pools in each sensor node. In the proposed solution, we have divided the main key pool into two virtual mutually exclusive key pools. This division and constructing a key from two chosen keys, one from each key pool, helps to reduce the memory cost of each node by assigning fewer keys for the same level of network connectivity as the existing key pool frameworks. Although, the proposed key pool approach increases the network resilience against node compromission attacks because of the smaller number of keys assigned to each node, however it does not completely nullify the effect of the attacks. Hence we proposed an online mutual authentication and key establishment and management scheme for sensor networks that provides almost 100\% network connectivity and also nullifies the effect of node compromission attacks. In the proposed online key generation approach, the secret key is dependent on both communicating parties. Once the two communicating parties authenticate each other, they would successfully establish a secret communication key, otherwise they stop communication and inform the network manager about the intruder detection and activity. The last part of the thesis considers the integration of two different technologies (i.e. wireless sensor networks and IP networks). This is a very interesting and demanding research area because of its numerous applications, such as smart energy, smart city etc.. However the security requirements of these two kind of networks (resource constrained and resourceful) make key management a challenging task. Hence we use an online key generation approach using elliptic curve cryptography which gives the same security level as the standard PKI approach used in IP networks with smaller key length and is suited for the sensor network packet size limitations. It also uses a less computationally expensive approach than PKI and hence makes ECC suitable to be adopted in wireless sensor networks. In the key management scheme for IP based sensor networks, we generate the public private key pair based on ECC for each individual sensor node. However the public key is not only dependent on the node's parameter but also the parameters of the network to which it belongs. This increases the security of the proposed solution and avoids intruders pretending to be authentic members of the network(s) by spreading their own public keys. In the last part of the thesis we consider Content Centric Networking (CCN) which is a new routing architecture for the internet of the future. Building on the observation that today's communications are more oriented towards content retrieval (web, P2P, etc.) than point-to-point communications (VoIP, IM, etc.), CCN proposes a radical revision of the Internet architecture switching from named hosts (TCP/IP protocols) to named data to best match its current usage. In a nutshell, content is addressable, routable, self-sufficient and authenticated, while locations no longer matter. Data is seen and identified directly by a routable name instead of a location (the address of the server). Consequently, data is directly requested at the network level not from its holder, hence there is no need for the DNS). To improve content diffusion, CCN relies on data distribution and duplication, because storage is cheaper than bandwidth: every content - particularly popular one - can be replicated and stored on any CCN node, even untrustworthy. People looking for particular content can securely retrieve it in a P2P-way from the best locations available. So far, there has been little investigation of the security of CCNs and there is no specific key management scheme for that. We propose an authentication and key establishment scheme for CCNs in which the contents are authenticated by the content generating node, using pre-distributed shares of encryption keys. The content requesting node can get those shares from any node in the network, even from malicious and intruder ones, in accordance with a key concept of CCNs. In our work we also provide means to protect the distributed shares from modification by these malicious/intruder nodes. The proposed scheme is again an online key generation approach but including a relation between the content and its encryption key. This dependency prevents the attackers from modifying the packet or the key share

Information discovery in multi-dimensional autonomous wireless sensor networks

 The thesis proposed four novel algorithms of information discovery for Multidimensional Autonomous Wireless Sensor Networks (WSNs) that can significantly increase network lifetime and minimize query processing latency, resulting in quality of service improvements that are of immense benefit to Multidimensional Autonomous WSNs are deployed in complex environments (e.g., mission-critical applications)

Adaptive Square-Shaped Trajectory-Based Service Location Protocol in Wireless Sensor Networks

In this paper we propose an adaptive square-shaped trajectory (ASST)-based service location method to ensure load scalability in wireless sensor networks. This first establishes a square-shaped trajectory over the nodes that surround a target point computed by the hash function and any user can access it, using the hash. Both the width and the size of the trajectory are dynamically adjustable, depending on the number of queries made to the service information on the trajectory. The number of sensor nodes on the trajectory varies in proportion to the changing trajectory shape, allowing high loads to be distributed around the hot spot area

Communication Security in Wireless Sensor Networks

A wireless sensor network (WSN) usually consists of a large number of small, low-cost devices that have limited energy supply, computation, memory, and communication capacities. Recently, WSNs have drawn a lot of attention due to their broad applications in both military and civilian domains. Communication security is essential to the success of WSN applications, especially for those mission-critical applications working in unattended and even hostile environments. However, providing satisfactory security protection in WSNs has ever been a challenging task due to various network & resource constraints and malicious attacks. This motivates the research on communication security for WSNs. This dissertation studies communication security in WSNs with respect to three important aspects. The first study addresses broadcast/multicast security in WSNs. We propose a multi-user broadcast authentication technique, which overcomes the security vulnerability of existing solutions. The proposed scheme guarantees immediate broadcast authentication by employing public key cryptography, and achieves the efficiency through integrating various techniques from different domains. We also address multicast encryption to solve data confidentiality concern for secure multicast. We propose an efficient multicast key management scheme supporting a wide range of multicast semantics, which utilizes the fact that sensors are both routers and end-receivers. The second study addresses data report security in WSNs. We propose a location-aware end-to-end security framework for WSNs, in which secret keys are bound to geographic locations so that the impact of sensor compromise are limited only to their vicinity. The proposed scheme effectively defeats not only bogus data injection attacks but also various DoS attacks. In this study, we also address event boundary detection as a specific case of secure data aggregation in WSNs. We propose a secure and fault-tolerant event boundary detection scheme, which securely detects the boundaries of large spatial events in a localized statistic manner. The third study addresses random key pre-distribution in WSNs. We propose a keyed-hash-chain-based key pool generation technique, which leads to a more efficient key pre-distribution scheme with better security resilience in the case of sensor compromise

Key Management in Wireless Sensor Networks, IP-Based Sensor Networks, Content Centric Networks

Cryptographic keys and their management in network communication is considered the main building block of security over which other security primitives are based. These cryptographic keys ensure the privacy, authentication, integrity and non-repudiation of messages. However, the use of these cryptographic keys and their management in dealing with the resource constrained devices (i.e. Sensor nodes) is a challenging task. A number of key management schemes have been introduced by researchers all over the world for such resource constrained networks. For example, light weight PKI and elliptic curve cryptography schemes are computationally expensive for these resource constrained devices. So far the symmetric key approach is considered best for these constrained networks and different variants of it been developed for these networks (i.e. probabilistic key distribution approach). The probabilistic key distribution approach consumes less memory than the standard symmetric key approach but it suffers from the connectivity issues (i.e. the connectivity depends on the common shared keys between the nodes). Most of those schemes were proposed by considering static sensor networks (e.g. Industrial process monitoring, Environmental monitoring, movement detection in military applications, forests etc.). However, the use of these existing key management schemes for mobile wireless sensor networks applications introduces more challenges in terms of network connectivity, energy consumption, memory cost, communication overhead and protection of key materials against some well known attacks. Keeping these challenges in mind, previous research has proposed some key management schemes considering the mobility scenarios in ad hoc networks and wireless sensor networks (e.g. vehicular networks, health monitoring systems).However these schemes consume more resource because of a much higher communication packet exchange during the handover phase for the authentication of joining and leaving nodes than the static networks where there is no extra communication for the handover and authentication. The motivation of this research work is to investigate and propose new algorithms not only to improve the efficiency of these existing authentication and key management schemes in terms of connectivity, memory and security by considering the mobility scenario in wireless sensor networks, but also to develop new algorithms that suit these constrained networks than the existing schemes. First, we choose the existing key pool approach for authentication and key management and improve its network connectivity and resilience against some well known attacks (e.g. node capturing attacks) while reduce the memory cost by storing those key pools in each sensor node. In the proposed solution, we have divided the main key pool into two virtual mutually exclusive key pools. This division and constructing a key from two chosen keys, one from each key pool, helps to reduce the memory cost of each node by assigning fewer keys for the same level of network connectivity as the existing key pool frameworks. Although, the proposed key pool approach increases the network resilience against node compromission attacks because of the smaller number of keys assigned to each node, however it does not completely nullify the effect of the attacks. Hence we proposed an online mutual authentication and key establishment and management scheme for sensor networks that provides almost 100\% network connectivity and also nullifies the effect of node compromission attacks. In the proposed online key generation approach, the secret key is dependent on both communicating parties. Once the two communicating parties authenticate each other, they would successfully establish a secret communication key, otherwise they stop communication and inform the network manager about the intruder detection and activity. The last part of the thesis considers the integration of two different technologies (i.e. wireless sensor networks and IP networks). This is a very interesting and demanding research area because of its numerous applications, such as smart energy, smart city etc.. However the security requirements of these two kind of networks (resource constrained and resourceful) make key management a challenging task. Hence we use an online key generation approach using elliptic curve cryptography which gives the same security level as the standard PKI approach used in IP networks with smaller key length and is suited for the sensor network packet size limitations. It also uses a less computationally expensive approach than PKI and hence makes ECC suitable to be adopted in wireless sensor networks. In the key management scheme for IP based sensor networks, we generate the public private key pair based on ECC for each individual sensor node. However the public key is not only dependent on the node's parameter but also the parameters of the network to which it belongs. This increases the security of the proposed solution and avoids intruders pretending to be authentic members of the network(s) by spreading their own public keys. In the last part of the thesis we consider Content Centric Networking (CCN) which is a new routing architecture for the internet of the future. Building on the observation that today's communications are more oriented towards content retrieval (web, P2P, etc.) than point-to-point communications (VoIP, IM, etc.), CCN proposes a radical revision of the Internet architecture switching from named hosts (TCP/IP protocols) to named data to best match its current usage. In a nutshell, content is addressable, routable, self-sufficient and authenticated, while locations no longer matter. Data is seen and identified directly by a routable name instead of a location (the address of the server). Consequently, data is directly requested at the network level not from its holder, hence there is no need for the DNS). To improve content diffusion, CCN relies on data distribution and duplication, because storage is cheaper than bandwidth: every content - particularly popular one - can be replicated and stored on any CCN node, even untrustworthy. People looking for particular content can securely retrieve it in a P2P-way from the best locations available. So far, there has been little investigation of the security of CCNs and there is no specific key management scheme for that. We propose an authentication and key establishment scheme for CCNs in which the contents are authenticated by the content generating node, using pre-distributed shares of encryption keys. The content requesting node can get those shares from any node in the network, even from malicious and intruder ones, in accordance with a key concept of CCNs. In our work we also provide means to protect the distributed shares from modification by these malicious/intruder nodes. The proposed scheme is again an online key generation approach but including a relation between the content and its encryption key. This dependency prevents the attackers from modifying the packet or the key shares