62 research outputs found
Authentication in Reprogramming of Sensor Networks for Mote Class Adversaries
Reprogramming is an essential service for wireless sensor networks. Authenticating reprogramming process is impor-tant as sensors need to verify that the code image is truly from a trusted source. There are two ways to achieve authentica-tion: public key based and symmetric key based. Although previous work has shown that public key authentication is feasible on sensor nodes if used sparingly, it is still quite ex-pensive compared to symmetric key based approach. In this paper, we propose a symmetric key based protocol for au-thenticating reprogramming process. Our protocol is based on the secret instantiation algorithm from [5, 11], which re-quires only O(log n) keys to be maintained at each sensor. We integrate this algorithm with the existing reprogramming protocol. Through simulation, we show that it is able to au-thenticate reprogramming process at very low communica-tion cost, and has very short delay
Implementation of Secure Key Management Techniques in Wireless Sensor Networks
Creating a secure wireless sensor network involves authenticating and encrypting messages that are sent throughout the network. The communicating nodes must agree on secret keys in order to be able to encrypt packets. Sensor networks do not have many resources and so, achieving such key agreements is a difficult matter. Many key agreement schemes like Diffie-Hellman and public-key based schemes are not suitable for wireless sensor networks. Pre-distribution of secret keys for all pairs of nodes is not viable due to the large amount of memory used when the network size is large. We propose a novel key management system that works with the random key pre-distribution scheme where deployment knowledge is unknown. We show that our system saves users from spending substantial resources when deploying networks. We also test the new system’s memory usage, and security issues. The system and its performance evaluation are presented in this thesis
A Holistic Analysis of Internet of Things (IoT) Security : Principles, Practices, and New Perspectives
Peer reviewedPublisher PD
Access Control in Wireless Sensor Networks
Wireless sensor networks consist of a large amount of sensor nodes, small low-cost wireless computing devices equipped with different sensors. Sensor networks collect and process environmental data and can be used for habitat monitoring, precision agriculture, wildfire detection, structural health monitoring and many other applications. Securing sensor networks calls for novel solutions, especially because of their unattended deployment and strong resource limitations. Moreover, developing security solutions without knowing precisely against what threats the system should be protected is impossible. Thus, the first task in securing sensor networks is to define a realistic adversary model. We systematically investigate vulnerabilities in sensor networks, specifically focusing on physical attacks on sensor node hardware. These are all attacks that require direct physical access to the sensor nodes. Most severe attacks of this kind are also known as node capture, or node compromise. Based on the vulnerability analysis, we present a novel general adversary model for sensor networks. If the data collected within a sensor network is valuable or should be kept confidential then the data should be protected from unauthorized access. We determine security issues in the context of access control in sensor networks in presence of node capture attacks and develop protocols for broadcast authentication that constitute the core of our solutions for access control. We develop broadcast authentication protocols for the case where the adversary can capture up to some threshold t sensor nodes. The developed protocols offer absolute protection while not more than t nodes are captured, but their security breaks completely otherwise. Moreover, security in this case comes at a high cost, as the resource requirements for the protocols grow rapidly with t. One of the most popular ways to overcome impossibility or inefficiency of solutions in distributed systems is to make the protocol goals probabilistic. We therefore develop efficient probabilistic protocols for broadcast authentication. Security of these protocols degrades gracefully with the increasing number of captured nodes. We conclude that the perfect threshold security is less appropriate for sensor networks than the probabilistic approach. Gracefully degrading security offers better scalability and saves resources, and should be considered as a promising security paradigm for sensor networks
Detecting malfunction in wireless sensor networks
The objective of this thesis is to detect malfunctioning sensors in wireless sensor networks. The ability to detect abnormality is critical to the security of any sensor network. However, the ability to detect a faulty wireless sensor is not trivial. Controlled repeatable experiments are difficult in wireless channels. A Redhat Linux. 7.0 Wireless Emulation Dynamic Switch software was used to solve this problem.
Six nodes were configured with a node acting as a base station. The nodes were all part of a cell. This means that every node could communicate with all other nodes. A client-server program simulated the background traffic. Another program simulated a faulty node. A node was isolated as the faulty node while all other nodes were good. The experiment ran for several hours and the data was captured with tcpdump. The data was analyzed to conclusions based on a statistical comparison of good node versus bad node.
The statistical delay on the good node was an average of 0.69 ms while the standard deviation was 0.49. This was much better than the delay on the bad node that was 0.225192 s with a standard deviation of 0.89. This huge difference in the delay indicated that the faulty node was detected statistically. A threshold value of I ms was chosen. The good node was within this value about 98% of the time. The bad node on the other hand was far out of this range and was definitely detected. The channel utilization data provided the same conclusion
Secure network programming in wireless sensor networks
Network programming is one of the most important applications in Wireless Sensor Networks as It provides an efficient way to update program Images running on sensor nodes without physical access to them. Securing these updates, however, remains a challenging and important issue, given the open deployment environment of sensor nodes. Though several security schemes have been proposed to impose the authenticity and Integrity protection on network programming applications, they are either energy Inefficient as they tend to use digital signature or lacks the data confidentiality. In addition, due to the absence of secure memory management in the current sensor hardware, the attacker could inject malicious code into the program flash by exploiting buffer overflow In the memory despite the secure code dissemination.
The contribution of this thesis Is to provide two software-based security protocols and one hardware-based remote attestation protocol for network programming application.
Our first protocol deploys multiple one-way key chains for a multi-hop sensor network. The scheme Is shown to be lower In computational, power consumption and communication costs yet still able to secure multi•hop propagation of program images.
Our second protocol utilizes an Iterative hash structure to the data packets in network programming application, ensuring the data confidentiality and authenticity. In addition, we Integrated confidentiality and DoS-attack-resistance in a multi•hop code dissemination protocol.
Our final solution is a hardware-based remote attestation protocol for verification of running codes on sensor nodes. An additional piece of tamper-proof hardware, Trusted Platform Module (TPM), is imposed into the sensor nodes. It secures the sensitive information (e.g., the session key) from attackers and monitors any platform environment changes with the Internal registers. With these features of TPM, the code Injection attack could be detected and removed when the contaminated nodes are challenged in our remote attestation protocol.
We implement the first two software-based protocols with Deluge as the reference network programming protocol in TinyOS, evaluate them with the extensive simulation using TOSSIM and validate the simulation results with experiments using Tmote. We implement the remote attestation protocol on Fleck, a sensor platform developed by CSIRO that Integrates an Atmel TPM chip
- …