An Authentication Protocol for Future Sensor Networks

Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. We proved the strength of our protocol with rigorous security analysis and simulated the SMSN and previously proposed schemes in an automated protocol verifier tool. Finally, we compared the computational complexity and communication cost against well-known authentication protocols.Comment: This article is accepted for the publication in "Sensors" journal. 29 pages, 15 figure

A Survey on Wireless Sensor Network Security

Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed nature of these networks and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. This problem is more critical if the network is deployed for some mission-critical applications such as in a tactical battlefield. Random failure of nodes is also very likely in real-life deployment scenarios. Due to resource constraints in the sensor nodes, traditional security mechanisms with large overhead of computation and communication are infeasible in WSNs. Security in sensor networks is, therefore, a particularly challenging task. This paper discusses the current state of the art in security mechanisms for WSNs. Various types of attacks are discussed and their countermeasures presented. A brief discussion on the future direction of research in WSN security is also included.Comment: 24 pages, 4 figures, 2 table

slimIoT: Scalable Lightweight Attestation Protocol For the Internet of Things

The Internet of Things (IoT) is increasingly intertwined with critical industrial processes, yet contemporary IoT devices offer limited security features, creating a large new attack surface. Remote attestation is a well-known technique to detect cyber threats by remotely verifying the internal state of a networked embedded device through a trusted entity. Multi-device attestation has received little attention although current single-device approaches show limited scalability in IoT applications. Though recent work has yielded some proposals for scalable attestation, several aspects remain unexplored, and thus more research is required. This paper presents slimIoT, a scalable lightweight attestation protocol that is suitable for all IoT devices. slimIoT depends on an efficient broadcast authentication scheme along with symmetric key cryptography. It is resilient against a strong adversary with physical access to the IoT device. Our protocol is informative in the sense that it identifies the precise status of every device in the network. We implement and evaluate slimIoT considering many factors. On the one hand, our evaluation results show a low overhead in terms of memory footprint and runtime. On the other hand, simulations demonstrate that slimIoT is scalable, robust and highly efficient to be used in static and dynamic networks consisting of thousands of heterogenous IoT devices.Comment: This paper has been accepted at the 2018 IEEE Conference on Dependable and Secure Computing (DSC

Solutions and Tools for Secure Communication in Wireless Sensor Networks

Secure communication is considered a vital requirement in Wireless Sensor Network (WSN) applications. Such a requirement embraces different aspects, including confidentiality, integrity and authenticity of exchanged information, proper management of security material, and effective prevention and reaction against security threats and attacks. However, WSNs are mainly composed of resource-constrained devices. That is, network nodes feature reduced capabilities, especially in terms of memory storage, computing power, transmission rate, and energy availability. As a consequence, assuring secure communication in WSNs results to be more difficult than in other kinds of network. In fact, trading effectiveness of adopted solutions with their efficiency becomes far more important. In addition, specific device classes or technologies may require to design ad hoc security solutions. Also, it is necessary to efficiently manage security material, and dynamically cope with changes of security requirements. Finally, security threats and countermeasures have to be carefully considered since from the network design phase. This Ph.D. dissertion considers secure communication in WSNs, and provides the following contributions. First, we provide a performance evaluation of IEEE 802.15.4 security services. Then, we focus on the ZigBee technology and its security services, and propose possible solutions to some deficiencies and inefficiencies. Second, we present HISS, a highly scalable and efficient key management scheme, able to contrast collusion attacks while displaying a graceful degradation of performance. Third, we present STaR, a software component for WSNs that secures multiple traffic flows at the same time. It is transparent to the application, and provides runtime reconfigurability, thus coping with dynamic changes of security requirements. Finally, we describe ASF, our attack simulation framework for WSNs. Such a tool helps network designers to quantitatively evaluate effects of security attacks, produce an attack ranking based on their severity, and thus select the most appropriate countermeasures

TrusNet: Peer-to-Peer Cryptographic Authentication

Originally, the Internet was meant as a general purpose communication protocol, transferring primarily text documents between interested parties. Over time, documents expanded to include pictures, videos and even web pages. Increasingly, the Internet is being used to transfer a new kind of data which it was never designed for. In most ways, this new data type fits in naturally to the Internet, taking advantage of the near limit-less expanse of the protocol. Hardware protocols, unlike previous data types, provide a unique set security problem. Much like financial data, hardware protocols extended across the Internet must be protected with authentication. Currently, systems which do authenticate do so through a central server, utilizing a similar authentication model to the HTTPS protocol. This hierarchical model is often at odds with the needs of hardware protocols, particularly in ad-hoc networks where peer-to-peer communication is prioritized over a hierarchical model. Our project attempts to implement a peer-to-peer cryptographic authentication protocol to be used to protect hardware protocols extending over the Internet. The TrusNet project uses public-key cryptography to authenticate nodes on a distributed network, with each node locally managing a record of the public keys of nodes which it has encountered. These keys are used to secure data transmission between nodes and to authenticate the identities of nodes. TrusNet is designed to be used on multiple different types of network interfaces, but currently only has explicit hooks for Internet Protocol connections. As of June 2016, TrusNet has successfully achieved a basic authentication and communication protocol on Windows 7, OSX, Linux 14 and the Intel Edison. TrusNet uses RC-4 as its stream cipher and RSA as its public-key algorithm, although both of these are easily configurable. Along with the library, TrusNet also enables the building of a unit testing suite, a simple UI application designed to visualize the basics of the system and a build with hooks into the I/O pins of the Intel Edison allowing for a basic demonstration of the system