Novel Order preserving encryption Scheme for Wireless Sensor Networks

International audienceAn Order-Preserving Encryption (OPE) scheme is a deterministic cipher scheme, whose encryption algorithm produces cipher texts that preserve the numerical ordering of the plain-texts. It is based on strictly increasing functions. It is a kind of homomorphic encryption where the homomorphic operation is order comparison. This means that comparing encrypted data provides the exact result than comparing the original data. It is attractive to be used in databases, especially in cloud ones as a method to enhance security, since it allows applications to perform order queries over encrypted data efficiently (without the need of decrypting the data). Wireless sensor network is another potential domain in which order preserving encryption can be adopted and used with high impact. It can be integrated with secure data aggregation protocols that use comparison operations to aggregate data (MAX, MIN, etc.) in a way that no decryption is being performed on the sensor nodes, which means directly less power consumption. In this paper, we will review many existing order-preserving encryption schemes with their related brief explanation, efficiency level, and security. Then, and based on the comparative table generated, we will propose a novel order-preserving encryption scheme that has a good efficiency level and less complexity, in order to be used in a wireless sensor network with an enhanced level of security

Multiple Secret Keys based Security for Wireless Sensor Networks

We propose a security approach that uses secret key cryptography and key management along with re-keying support. A salient feature of our approach is that a secret key is embedded in the source code of every node to protect the other keys in its non-volatile memory. Even the node is captured physically; the sensitive information cannot be retrieved. Our key selection protocol uses the node ID and some basic rotate and multiplication function to select the key for current data transmission. Because of this dynamic key selection, our approach identifies the replay attack, DoS attack and Sybil attack. Our simulation results shows that our security mechanism efficiently controls various attacks with lower resource requirements and the network resilience against node capture is substantially improved

SEGURANÇA EM INFRAESTRUTURA PARA INTERNET DAS COISAS

O conceito de Internet das coisas (Internet of Things - IoT) pressupõe que objetos comuns possam estar interligados à Internet, de modo a dotá-los da inteligência necessária para interagir e, de algum modo, auxiliar a vida das pessoas por meio da coleta de dados físicos, processamento e promoção de respostas através de atuadores eletromecânicos. Além do desenvolvimento de tecnologias há de se efetuar a pesquisa e o tratamento dos aspectos de segurança aplicáveis em infraestrutura para Internet das coisas. Dessa forma, este artigo visa primeiro repassar os conceitos teóricos básicos sobre os elementos que compõe a infraestrutura para Internet das Coisas, com destaque para rede de sensores sem fio, middleware e computação em nuvem. Em seguida o trabalho faz um levantamento e discute os desafios e soluções adequadas para a segurança em infraestrutura para Internet das Coisas, em específico a necessidade de manutenção da privacidade dos usuários como também a busca pela interoperabilidade entre os diversos dispositivos inteligentes. Ao final o estudo realiza uma comparação de algumas implementações em infraestrutura para Internet das Coisas em termos de atendimento aos requisitos de segurança da informação: confidencialidade, integridade, disponibilidade, autenticação, controle de acesso e não repúdio e registra os desafios e trabalhos futuros na área

Low-complexity, low-area computer architectures for cryptographic application in resource constrained environments

RCE (Resource Constrained Environment) is known for its stringent hardware design requirements. With the rise of Internet of Things (IoT), low-complexity and low-area designs are becoming prominent in the face of complex security threats. Two low-complexity, low-area cryptographic processors based on the ultimate reduced instruction set computer (URISC) are created to provide security features for wireless visual sensor networks (WVSN) by using field-programmable gate array (FPGA) based visual processors typically used in RCEs. The first processor is the Two Instruction Set Computer (TISC) running the Skipjack cipher. To improve security, a Compact Instruction Set Architecture (CISA) processor running the full AES with modified S-Box was created. The modified S-Box achieved a gate count reduction of 23% with no functional compromise compared to Boyar’s. Using the Spartan-3L XC3S1500L-4-FG320 FPGA, the implementation of the TISC occupies 71 slices and 1 block RAM. The TISC achieved a throughput of 46.38 kbps at a stable 24MHz clock. The CISA which occupies 157 slices and 1 block RAM, achieved a throughput of 119.3 kbps at a stable 24MHz clock. The CISA processor is demonstrated in two main applications, the first in a multilevel, multi cipher architecture (MMA) with two modes of operation, (1) by selecting cipher programs (primitives) and sharing crypto-blocks, (2) by using simple authentication, key renewal schemes, and showing perceptual improvements over direct AES on images. The second application demonstrates the use of the CISA processor as part of a selective encryption architecture (SEA) in combination with the millions instructions per second set partitioning in hierarchical trees (MIPS SPIHT) visual processor. The SEA is implemented on a Celoxica RC203 Vertex XC2V3000 FPGA occupying 6251 slices and a visual sensor is used to capture real world images. Four images frames were captured from a camera sensor, compressed, selectively encrypted, and sent over to a PC environment for decryption. The final design emulates a working visual sensor, from on node processing and encryption to back-end data processing on a server computer

System for Malicious Node Detection in IPv6-based Wireless Sensor Networks

U posljednje vrijeme javlja se trend implementacije IPv6 protokola u bežične senzorske mreže (BSM) kao posljedica težnje ka njihovoj integraciji sa drugim vrstama mreža temeljenih na IP protokolu. Ova disertacija bavi se sigurnosnim aspektima ovih IPv6- temeljenih BSM. Nakon kraćeg pregleda koncepta BSM detaljnije se razrađuje postupak implementacije IPv6 protokola u BSM. Potom slijedi detaljna analiza sigurnosnih prijetnji i napada prisutnih u IPv6-temeljenim BSM. Za neke od njih dane su i moguće protumjere. Nadalje, dan je prijedlog novog modularnog sigurnosnog okvira za IPv6 temeljene BSM. Objašnjeni su struktura i funkcije njegovih modula, te su dane preporuke za njihovu implementaciju. Također, dano je i rješenje distribuiranog adaptivnog sustava za otkrivanje zlonamjernih čvorova u IPv6-temeljenim BSM. Sustav se temelji na distribuiranim algoritmima i postupku kolektivnog odlučivanja. Predloženi sustav uvodi inovativni koncept procjene vjerojatnosti zlonamjernog ponašanja senzorskih čvorova. Sustav je implementiran i testiran kroz više različitih scenarija u tri različite mrežne topologije. U konačnici, provedena analiza pokazala je da je predloženi sustav energetski učinkovit i da pokazuje dobru sposobnost detekcije zlonamjernih čvorova.Recently occures the trend of implementation of the IPv6 protocol into wireless sensor networks (WSN) as a consequence of tendency of their integration with other types of IPbased networks. This thesis deals with the security aspects of these IPv6-based WSN. After short review of the WSN concept, the implementation process of the IPv6 protocol into WSN is elaborated in more details. Afterwards, there is a detailed analysis of security threats and attacks which are present in IPv6-based WSN. For some of them possible countermeasures are given. Furthermore, the proposal of the novel and modular security framework for IPv6- based WSN is given. The structure and the functions of its modules are explained, and recommendations for their implementation are given. Also, the solution of adaptive distributed system for malicious node detection in IPv6-based WSN is given. The system is based on distributed algorithms and collective decision-making process. Proposed system introduces innovative concept of probability estimation for malicious behavior of sensor nodes. The system is implemented and tested through several different scenarios in three different network topologies. Finally, performed analysis showed that proposed system is energy efficient and has good capability for detection of malicious nodes

System for Malicious Node Detection in IPv6-based Wireless Sensor Networks

U posljednje vrijeme javlja se trend implementacije IPv6 protokola u bežične senzorske mreže (BSM) kao posljedica težnje ka njihovoj integraciji sa drugim vrstama mreža temeljenih na IP protokolu. Ova disertacija bavi se sigurnosnim aspektima ovih IPv6- temeljenih BSM. Nakon kraćeg pregleda koncepta BSM detaljnije se razrađuje postupak implementacije IPv6 protokola u BSM. Potom slijedi detaljna analiza sigurnosnih prijetnji i napada prisutnih u IPv6-temeljenim BSM. Za neke od njih dane su i moguće protumjere. Nadalje, dan je prijedlog novog modularnog sigurnosnog okvira za IPv6 temeljene BSM. Objašnjeni su struktura i funkcije njegovih modula, te su dane preporuke za njihovu implementaciju. Također, dano je i rješenje distribuiranog adaptivnog sustava za otkrivanje zlonamjernih čvorova u IPv6-temeljenim BSM. Sustav se temelji na distribuiranim algoritmima i postupku kolektivnog odlučivanja. Predloženi sustav uvodi inovativni koncept procjene vjerojatnosti zlonamjernog ponašanja senzorskih čvorova. Sustav je implementiran i testiran kroz više različitih scenarija u tri različite mrežne topologije. U konačnici, provedena analiza pokazala je da je predloženi sustav energetski učinkovit i da pokazuje dobru sposobnost detekcije zlonamjernih čvorova.Recently occures the trend of implementation of the IPv6 protocol into wireless sensor networks (WSN) as a consequence of tendency of their integration with other types of IPbased networks. This thesis deals with the security aspects of these IPv6-based WSN. After short review of the WSN concept, the implementation process of the IPv6 protocol into WSN is elaborated in more details. Afterwards, there is a detailed analysis of security threats and attacks which are present in IPv6-based WSN. For some of them possible countermeasures are given. Furthermore, the proposal of the novel and modular security framework for IPv6- based WSN is given. The structure and the functions of its modules are explained, and recommendations for their implementation are given. Also, the solution of adaptive distributed system for malicious node detection in IPv6-based WSN is given. The system is based on distributed algorithms and collective decision-making process. Proposed system introduces innovative concept of probability estimation for malicious behavior of sensor nodes. The system is implemented and tested through several different scenarios in three different network topologies. Finally, performed analysis showed that proposed system is energy efficient and has good capability for detection of malicious nodes

System for Malicious Node Detection in IPv6-based Wireless Sensor Networks

U posljednje vrijeme javlja se trend implementacije IPv6 protokola u bežične senzorske mreže (BSM) kao posljedica težnje ka njihovoj integraciji sa drugim vrstama mreža temeljenih na IP protokolu. Ova disertacija bavi se sigurnosnim aspektima ovih IPv6- temeljenih BSM. Nakon kraćeg pregleda koncepta BSM detaljnije se razrađuje postupak implementacije IPv6 protokola u BSM. Potom slijedi detaljna analiza sigurnosnih prijetnji i napada prisutnih u IPv6-temeljenim BSM. Za neke od njih dane su i moguće protumjere. Nadalje, dan je prijedlog novog modularnog sigurnosnog okvira za IPv6 temeljene BSM. Objašnjeni su struktura i funkcije njegovih modula, te su dane preporuke za njihovu implementaciju. Također, dano je i rješenje distribuiranog adaptivnog sustava za otkrivanje zlonamjernih čvorova u IPv6-temeljenim BSM. Sustav se temelji na distribuiranim algoritmima i postupku kolektivnog odlučivanja. Predloženi sustav uvodi inovativni koncept procjene vjerojatnosti zlonamjernog ponašanja senzorskih čvorova. Sustav je implementiran i testiran kroz više različitih scenarija u tri različite mrežne topologije. U konačnici, provedena analiza pokazala je da je predloženi sustav energetski učinkovit i da pokazuje dobru sposobnost detekcije zlonamjernih čvorova.Recently occures the trend of implementation of the IPv6 protocol into wireless sensor networks (WSN) as a consequence of tendency of their integration with other types of IPbased networks. This thesis deals with the security aspects of these IPv6-based WSN. After short review of the WSN concept, the implementation process of the IPv6 protocol into WSN is elaborated in more details. Afterwards, there is a detailed analysis of security threats and attacks which are present in IPv6-based WSN. For some of them possible countermeasures are given. Furthermore, the proposal of the novel and modular security framework for IPv6- based WSN is given. The structure and the functions of its modules are explained, and recommendations for their implementation are given. Also, the solution of adaptive distributed system for malicious node detection in IPv6-based WSN is given. The system is based on distributed algorithms and collective decision-making process. Proposed system introduces innovative concept of probability estimation for malicious behavior of sensor nodes. The system is implemented and tested through several different scenarios in three different network topologies. Finally, performed analysis showed that proposed system is energy efficient and has good capability for detection of malicious nodes

Low-complexity, low-area computer architectures for cryptographic application in resource constrained environments

RCE (Resource Constrained Environment) is known for its stringent hardware design requirements. With the rise of Internet of Things (IoT), low-complexity and low-area designs are becoming prominent in the face of complex security threats. Two low-complexity, low-area cryptographic processors based on the ultimate reduced instruction set computer (URISC) are created to provide security features for wireless visual sensor networks (WVSN) by using field-programmable gate array (FPGA) based visual processors typically used in RCEs. The first processor is the Two Instruction Set Computer (TISC) running the Skipjack cipher. To improve security, a Compact Instruction Set Architecture (CISA) processor running the full AES with modified S-Box was created. The modified S-Box achieved a gate count reduction of 23% with no functional compromise compared to Boyar’s. Using the Spartan-3L XC3S1500L-4-FG320 FPGA, the implementation of the TISC occupies 71 slices and 1 block RAM. The TISC achieved a throughput of 46.38 kbps at a stable 24MHz clock. The CISA which occupies 157 slices and 1 block RAM, achieved a throughput of 119.3 kbps at a stable 24MHz clock. The CISA processor is demonstrated in two main applications, the first in a multilevel, multi cipher architecture (MMA) with two modes of operation, (1) by selecting cipher programs (primitives) and sharing crypto-blocks, (2) by using simple authentication, key renewal schemes, and showing perceptual improvements over direct AES on images. The second application demonstrates the use of the CISA processor as part of a selective encryption architecture (SEA) in combination with the millions instructions per second set partitioning in hierarchical trees (MIPS SPIHT) visual processor. The SEA is implemented on a Celoxica RC203 Vertex XC2V3000 FPGA occupying 6251 slices and a visual sensor is used to capture real world images. Four images frames were captured from a camera sensor, compressed, selectively encrypted, and sent over to a PC environment for decryption. The final design emulates a working visual sensor, from on node processing and encryption to back-end data processing on a server computer

A Complete Security Framework for Wireless Sensor Networks: Theory and Practice

International audienceWireless sensor networks are often deployed in public or otherwise untrusted and even hostile environments, which prompt a number of security issues. Although security is a necessity in other types of networks, it is much more so in sensor networks due to the resource-constraint, susceptibility to physical capture, and wireless nature. Till now, most of the security approaches proposed for sensor networks present single solution for particular and single problem. Therefore, to address the special security needs of sensor networks as a whole we introduce a security framework. In their framework, the authors emphasize the following areas: (1) secure communication infrastructure, (2) secure scheduling, and (3) a secure data aggregation algorithm. Due to resource constraints, specific strategies are often necessary to preserve the network's lifetime and its quality of service. For instance, to reduce communication costs, data can be aggregated through the network, or nodes can go to sleep mode periodically (nodes scheduling). These strategies must be proven as secure, but protocols used to guarantee this security must be compatible with the resource preservation requirement. To achieve this goal, secure communications in such networks will be defined, together with the notions of secure scheduling and secure aggregation. The concepts of indistinguability, nonmalleability, and message detection resistance will thus be adapted to communications in wireless sensor networks. Finally, some of these security properties will be evaluated in concrete case studies