Security and Privacy in Heterogeneous Wireless and Mobile Networks: Challenges and Solutions

abstract: The rapid advances in wireless communications and networking have given rise to a number of emerging heterogeneous wireless and mobile networks along with novel networking paradigms, including wireless sensor networks, mobile crowdsourcing, and mobile social networking. While offering promising solutions to a wide range of new applications, their widespread adoption and large-scale deployment are often hindered by people's concerns about the security, user privacy, or both. In this dissertation, we aim to address a number of challenging security and privacy issues in heterogeneous wireless and mobile networks in an attempt to foster their widespread adoption. Our contributions are mainly fivefold. First, we introduce a novel secure and loss-resilient code dissemination scheme for wireless sensor networks deployed in hostile and harsh environments. Second, we devise a novel scheme to enable mobile users to detect any inauthentic or unsound location-based top-k query result returned by an untrusted location-based service providers. Third, we develop a novel verifiable privacy-preserving aggregation scheme for people-centric mobile sensing systems. Fourth, we present a suite of privacy-preserving profile matching protocols for proximity-based mobile social networking, which can support a wide range of matching metrics with different privacy levels. Last, we present a secure combination scheme for crowdsourcing-based cooperative spectrum sensing systems that can enable robust primary user detection even when malicious cognitive radio users constitute the majority.Dissertation/ThesisPh.D. Electrical Engineering 201

Empirical Analysis of Privacy Preservation Models for Cyber Physical Deployments from a Pragmatic Perspective

The difficulty of privacy protection in cyber-physical installations encompasses several sectors and calls for methods like encryption, hashing, secure routing, obfuscation, and data exchange, among others. To create a privacy preservation model for cyber physical deployments, it is advised that data privacy, location privacy, temporal privacy, node privacy, route privacy, and other types of privacy be taken into account. Consideration must also be given to other types of privacy, such as temporal privacy. The computationally challenging process of incorporating these models into any wireless network also affects quality of service (QoS) variables including end-to-end latency, throughput, energy use, and packet delivery ratio. The best privacy models must be used by network designers and should have the least negative influence on these quality-of-service characteristics. The designers used common privacy models for the goal of protecting cyber-physical infrastructure in order to achieve this. The limitations of these installations' interconnection and interface-ability are not taken into account in this. As a result, even while network security has increased, the network's overall quality of service has dropped. The many state-of-the-art methods for preserving privacy in cyber-physical deployments without compromising their performance in terms of quality of service are examined and analyzed in this research. Lowering the likelihood that such circumstances might arise is the aim of this investigation and review. These models are rated according to how much privacy they provide, how long it takes from start to finish to transfer data, how much energy they use, and how fast their networks are. In order to maximize privacy while maintaining a high degree of service performance, the comparison will assist network designers and researchers in selecting the optimal models for their particular deployments. Additionally, the author of this book offers a variety of tactics that, when used together, might improve each reader's performance. This study also provides a range of tried-and-true machine learning approaches that networks may take into account and examine in order to enhance their privacy performance

Envirosuite: An Environmentally-Immersive Programming Framework for Wireless Sensor Networks

Networked, embedded sensors allow for an instrumentation of the physical world at unprecedented granularities and from unimagined perspectives. The advent of a ubiquitous sensing era is evident. Yet, sensor network techniques are still far from entering mainstream adoption due to multiple unresolved research challenges, especially due to the high development cost of sensor network applications. Therefore, in this dissertation, we propose to design, implement, and evaluate an environmentally-immersive programming framework, called EnviroSuite, to reduce sensor network software development cost. The goal of our research is to create reusable sensor network development support for the community and reduce the adoption barriers for a broader category of users, ultimately leading to a transition of sensor networks from a research concept to a general-purpose technology available for use for a wide variety of research, government, industry, and everyday purposes. Current sensor network programming practice remains very cumbersome and inefficient for several reasons. First, most existing programming abstractions for sensor networks are either too low-level (thus too tedious and error-prone) or too high-level (unable to support the diversity of sensor network applications). Second, there is no clear separation between application-level programming and system-level programming. A significant concern is the lack of a general middleware library to isolate application developers from low-level details. Finally, testing sensor network systems is particularly challenging. Sensor systems interact heavily with a (non-repeatable) physical environment, making lab experiments not representative and on-site experiments very costly. This dissertation is targeted for a comprehensive solution that addresses all the above-mentioned problems. The EnviroSuite framework consists of (i) a new programming paradigm that exports environment-based abstractions, (ii) critical middleware services that support the abstractions and separate application programmers from tedious, low-level details, and (iii) testing tools geared for in-situ experimenting, debugging, and troubleshooting. First, we introduce a new programming paradigm, called environmentally-immersive programming (EIP), to capture the common characteristics of sensor network applications, the rich, distributed interactions with the physical environment. EIP refers to an object-based programming model in which individual objects represent physical elements in the external environment. It allows the programmer to think directly in terms of physical objects or events of interest. We provide language primitives for programmers to easily implement their environmental tracking and monitoring applications in EIP. A preprocessor translates such EIP code transparently into a library of support middleware services, central to which are object management algorithms, responsible for maintaining a unique mapping between physical and logical objects. The major outcome of sensor networks is observations of the instrumented environment, in other words, sensory data. Implementing an application mainly involves encoding how to generate, store, and collect such data. EIP object abstractions provide simple means for programmers to define how observations of the environment should be made via distributed coordination among multiple nodes, thus simplifying data generation. Yet, the next steps, namely, data storage and collection, remain complicated and fastidious. To isolate programmers from such concerns, we also include in the support library a set of data management services, comprising both network protocols and storage systems to allow data to be collected either in real-time or in a delay-tolerant manner. The final phase in sensor network software development life-cycle is testing, typically performed in-field, where the effects of environmental realities can be studied. However, physical events from the dynamic environment are normally asynchronous and non-repeatable. This lack of repeatability makes the last phase particularly difficult and costly. Hence, it is essential to have the capability to capture and replay sensing events, providing a basis not only for software testing, but also for realistic protocol comparison and parameter tuning. To achieve that, EnviroSuite also provides testing and debugging facilities that enable controllable and repeatable in-field experiments. Finally, to demonstrate the benefits of our framework, we build multiple representative applications upon EnviroSuite, drawn from both tracking systems such as military surveillance, and monitoring systems such as environmental acoustic monitoring. We install these applications into off-the-shelf hardware platforms and physically deploy the hardware into realistic environments. Empirical results collected from such deployments demonstrate the efficacy of EnviroSuite

EFFICIENT AND SCALABLE NETWORK SECURITY PROTOCOLS BASED ON LFSR SEQUENCES

The gap between abstract, mathematics-oriented research in cryptography and the engineering approach of designing practical, network security protocols is widening. Network researchers experiment with well-known cryptographic protocols suitable for different network models. On the other hand, researchers inclined toward theory often design cryptographic schemes without considering the practical network constraints. The goal of this dissertation is to address problems in these two challenging areas: building bridges between practical network security protocols and theoretical cryptography. This dissertation presents techniques for building performance sensitive security protocols, using primitives from linear feedback register sequences (LFSR) sequences, for a variety of challenging networking applications. The significant contributions of this thesis are: 1. A common problem faced by large-scale multicast applications, like real-time news feeds, is collecting authenticated feedback from the intended recipients. We design an efficient, scalable, and fault-tolerant technique for combining multiple signed acknowledgments into a single compact one and observe that most signatures (based on the discrete logarithm problem) used in previous protocols do not result in a scalable solution to the problem. 2. We propose a technique to authenticate on-demand source routing protocols in resource-constrained wireless mobile ad-hoc networks. We develop a single-round multisignature that requires no prior cooperation among nodes to construct the multisignature and supports authentication of cached routes. 3. We propose an efficient and scalable aggregate signature, tailored for applications like building efficient certificate chains, authenticating distributed and adaptive content management systems and securing path-vector routing protocols. 4. We observe that blind signatures could form critical building blocks of privacypreserving accountability systems, where an authority needs to vouch for the legitimacy of a message but the ownership of the message should be kept secret from the authority. We propose an efficient blind signature that can serve as a protocol building block for performance sensitive, accountability systems. All special forms digital signatures—aggregate, multi-, and blind signatures—proposed in this dissertation are the first to be constructed using LFSR sequences. Our detailed cost analysis shows that for a desired level of security, the proposed signatures outperformed existing protocols in computation cost, number of communication rounds and storage overhead