114 research outputs found
A secure over-the-air programming scheme in wireless sensor networks
Over-The-Air dissemination of code updates in Wireless Sensor Networks (WSNs) have been researchers’ point of interest in past a few years and more importantly security challenges toward remote propagation of code update have taken the majority of efforts in this context. Many security models have been proposed to establish a balance between the energy consumption and security strengthen with having their concentration on constraint nature of WSN nodes. For authentication purposes most of them have used Merkle-Hash-Tree to avoid using multiple public cryptography operations. These models mostly have assumed an environment in which security has to be in a standard level and therefore they have not investigated the tree structure for mission-critical situations in which security has to be in maximum possible extent (e.g. military zones). Two major problems have been identified in Merkle Tree structure which is used in Seluge scheme, including: 1) an exponential growth in number of overhead packets when block size of hash algorithm used in design is increased. 2) Limitation of using hash algorithms with larger block size of 11 bytes when payload size is set to 72 bytes. Then several existing security models are investigated for possible vulnerabilities and a set of countermeasures correspondingly named Security Model Requirements (SMR) is provided. After concentrating on Seluge’s design, a new secure Over-The-Air Programming (OTAP) scheme named Seluge++ is proposed that complies with SMR and replaces the use of inefficient Merkle Tree with a novel method
Recommended from our members
A New Wireless Sensor Node Design for Program Isolation and Power Flexibility
Over-the-air programming systems for wireless sensor networks have drawbacks that stem from fundamental limitations in the hardware used in current sensor nodes. Also, advances in technology make it feasible to use capacitors as the sole energy storage mechanism for sensor nodes using energy harvesting, but most current designs require additional electronics. These two considerations led to the design of a new sensor node. A microcontroller was chosen that meets the Popek and Goldberg virtualization requirements. The hardware design for this new sensor node is presented, as well as a preliminary operating system. The prototypes are tested, and demonstrated to be sustainable with a capacitor and solar panel. The issue of capacitor leakage is considered and measured
Seluge++: A Secure Over-the-Air Programming Scheme in Wireless Sensor Networks
Over-the-air dissemination of code updates in wireless sensor networks have been researchers’ point of interest in the last few years, and, more importantly, security challenges toward the remote propagation of code updating have occupied the majority of efforts in this context. Many security models have been proposed to establish a balance between the energy consumption and security strength, having their concentration on the constrained nature of wireless sensor network (WSN) nodes. For authentication purposes, most of them have used a Merkle hash tree to avoid using multiple public cryptography operations. These models mostly have assumed an environment in which security has to be at a standard level. Therefore, they have not investigated the tree structure for mission-critical situations in which security has to be at the maximum possible level (e.g., military applications, healthcare). Considering this, we investigate existing security models used in over-the-air dissemination of code updates for possible vulnerabilities, and then, we provide a set of countermeasures, correspondingly named Security Model Requirements. Based on the investigation, we concentrate on Seluge, one of the existing over-the-air programming schemes, and we propose an improved version of it, named Seluge++, which complies with the Security Model Requirements and replaces the use of the inefficient Merkle tree with a novel method. Analytical and simulation results show the improvements in Seluge++ compared to Seluge
Routing and Mobility on IPv6 over LoWPAN
The IoT means a world-wide network of interconnected objects based on standard communication
protocols. An object in this context is a quotidian physical device augmented with
sensing/actuating, processing, storing and communication capabilities. These objects must be
able to interact with the surrounding environment where they are placed and to cooperate with
neighbouring objects in order to accomplish a common objective. The IoT objects have also the
capabilities of converting the sensed data into automated instructions and communicating them
to other objects through the communication networks, avoiding the human intervention in several
tasks. Most of IoT deployments are based on small devices with restricted computational
resources and energy constraints. For this reason, initially the scientific community did not
consider the use of IP protocol suite in this scenarios because there was the perception that it
was too heavy to the available resources on such devices. Meanwhile, the scientific community
and the industry started to rethink about the use of IP protocol suite in all IoT devices and now
it is considered as the solution to provide connectivity between the IoT devices, independently
of the Layer 2 protocol in use, and to connect them to the Internet. Despite the use of IP suite
protocol in all devices and the amount of solutions proposed, many open issues remain unsolved
in order to reach a seamless integration between the IoT and the Internet and to provide the
conditions to IoT service widespread. This thesis addressed the challenges associated with the
interconnectivity between the Internet and the IoT devices and with the security aspects of
the IoT. In the interconnectivity between the IoT devices and the Internet the problem is how
to provide valuable information to the Internet connected devices, independently of the supported
IP protocol version, without being necessary accessed directly to the IoT nodes. In order
to solve this problem, solutions based on Representational state transfer (REST) web services
and IPv4 to IPv6 dual stack transition mechanism were proposed and evaluated. The REST web
service and the transition mechanism runs only at the border router without penalizing the IoT
constrained devices. The mitigation of the effects of internal and external security attacks
minimizing the overhead imposed on the IoT devices is the security challenge addressed in this
thesis. Three different solutions were proposed. The first is a mechanism to prevent remotely
initiated transport level Denial of Service attacks that avoids the use of inefficient and hard to
manage traditional firewalls. It is based on filtering at the border router the traffic received
from the Internet and destined to the IoT network according to the conditions announced by
each IoT device. The second is a network access security framework that can be used to control
the nodes that have access to the network, based on administrative approval, and to enforce
security compliance to the authorized nodes. The third is a network admission control framework
that prevents IoT unauthorized nodes to communicate with IoT authorized nodes or with
the Internet, which drastically reduces the number of possible security attacks. The network
admission control was also exploited as a management mechanism as it can be used to manage
the network size in terms of number of nodes, making the network more manageable, increasing
its reliability and extending its lifetime.A IoT (Internet of Things) tem suscitado o interesse tanto da comunidade académica como
da indústria, uma vez que os campos de aplicação são inúmeros assim como os potenciais ganhos
que podem ser obtidos através do uso deste tipo de tecnologia. A IoT significa uma rede
global de objetos ligados entre si através de uma rede de comunicações baseada em protocolos
standard. Neste contexto, um objeto Ă© um objeto fĂsico do dia a dia ao qual foi adicionada a
capacidade de medir e de atuar sobre variáveis fĂsicas, de processar e armazenar dados e de
comunicar. Estes objetos tĂŞm a capacidade de interagir com o meio ambiente envolvente e de
cooperar com outros objetos vizinhos de forma a atingirem um objetivo comum. Estes objetos
também têm a capacidade de converter os dados lidos em instruções e de as comunicar a outros
objetos através da rede de comunicações, evitando desta forma a intervenção humana em
diversas tarefas. A maior parte das concretizações de sistemas IoT são baseados em pequenos
dispositivos autĂłnomos com restrições ao nĂvel dos recursos computacionais e de retenção de
energia. Por esta razĂŁo, inicialmente a comunidade cientĂfica nĂŁo considerou adequado o uso
da pilha protocolar IP neste tipo de dispositivos, uma vez que havia a perceção de que era muito
pesada para os recursos computacionais disponĂveis. Entretanto, a comunidade cientĂfica e a
indĂşstria retomaram a discussĂŁo acerca dos benefĂcios do uso da pilha protocolar em todos os
dispositivos da IoT e atualmente é considerada a solução para estabelecer a conetividade entre
os dispositivos IoT independentemente do protocolo da camada dois em uso e para os ligar Ă
Internet. Apesar do uso da pilha protocolar IP em todos os dispositivos e da quantidade de
soluções propostas, sĂŁo vários os problemas por resolver no que concerne Ă integração contĂnua
e sem interrupções da IoT na Internet e de criar as condições para a adoção generalizada deste
tipo de tecnologias.
Esta tese versa sobre os desafios associados à integração da IoT na Internet e dos aspetos de
segurança da IoT. Relativamente à integração da IoT na Internet o problema é como fornecer
informação válida aos dispositivos ligados à Internet, independentemente da versão do protocolo
IP em uso, evitando o acesso direto aos dispositivos IoT. Para a resolução deste problema foram
propostas e avaliadas soluções baseadas em web services REST e em mecanismos de transição
IPv4 para IPv6 do tipo pilha dupla (dual stack). O web service e o mecanismo de transição são
suportados apenas no router de fronteira, sem penalizar os dispositivos IoT. No que concerne
à segurança, o problema é mitigar os efeitos dos ataques de segurança internos e externos
iniciados local e remotamente. Foram propostas três soluções diferentes, a primeira é um
mecanismo que minimiza os efeitos dos ataques de negação de serviço com origem na Internet e
que evita o uso de mecanismos de firewalls ineficientes e de gestĂŁo complexa. Este mecanismo
filtra no router de fronteira o tráfego com origem na Internet é destinado à IoT de acordo
com as condições anunciadas por cada um dos dispositivos IoT da rede. A segunda solução,
Ă© uma framework de network admission control que controla quais os dispositivos que podem
aceder Ă rede com base na autorização administrativa e que aplica polĂticas de conformidade
relativas à segurança aos dispositivos autorizados. A terceira é um mecanismo de network
admission control para redes 6LoWPAN que evita que dispositivos nĂŁo autorizados comuniquem
com outros dispositivos legĂtimos e com a Internet o que reduz drasticamente o nĂşmero de
ataques à segurança. Este mecanismo também foi explorado como um mecanismo de gestão uma
vez que pode ser utilizado a dimensĂŁo da rede quanto ao nĂşmero de dispositivos, tornando-a
mais fácil de gerir e aumentando a sua fiabilidade e o seu tempo de vida
Implementation of Secure Key Management Techniques in Wireless Sensor Networks
Creating a secure wireless sensor network involves authenticating and encrypting messages that are sent throughout the network. The communicating nodes must agree on secret keys in order to be able to encrypt packets. Sensor networks do not have many resources and so, achieving such key agreements is a difficult matter. Many key agreement schemes like Diffie-Hellman and public-key based schemes are not suitable for wireless sensor networks. Pre-distribution of secret keys for all pairs of nodes is not viable due to the large amount of memory used when the network size is large. We propose a novel key management system that works with the random key pre-distribution scheme where deployment knowledge is unknown. We show that our system saves users from spending substantial resources when deploying networks. We also test the new system’s memory usage, and security issues. The system and its performance evaluation are presented in this thesis
- …