Hash Chains Sensornet: A Key Predistribution Scheme for Distributed Sensor Networks Using Nets and Hash Chains

Key management is an essential functionality for a security protocol; particularly for implementations to low cost devices of a distributed sensor networks (DSN)–a prototype of Internet of Things (IoT). Constraints in resources of the constituent devices of a low cost IoT (sensors of DSN) restricts implementations of computationally heavy public key cryptosystems. This led to adaptation of the novel key predistribution technique in symmetric key platform to efficiently tackle the problem of key management for these resource starved networks. Initial proposals use random graphs, later key predistribution schemes (KPS) exploit combinatorial approaches to assure essential design properties. Combinatorial designs like a (v, b, r, k)– configuration which forms a µ–CID are effective schemes to design KPS. A net in a vector space is a set of cosets of certain kind of subspaces called partial spread. A µ(v, b, r, k)–CID can be formed from a net. In this paper, we propose a key predistribution scheme for DSN, named as Sensornet, using a net. We observe that any deterministic KPS suffer from “smart attack” and hence devise a generic method to eliminate it. Resilience of a KPS can be improved by clever Hash Chains technique introduced by Bechkit et al. We improve our Sensornet to achieve Hash Chains Sensornet (HC(Sensornet)) by the applications of these two generic methods. Effectiveness of Sensornet and HC(Sensornet) in term of crucial metrics in comparison to other prominent schemes has been theoretically established

Security protocols suite for machine-to-machine systems

Nowadays, the great diffusion of advanced devices, such as smart-phones, has shown that there is a growing trend to rely on new technologies to generate and/or support progress; the society is clearly ready to trust on next-generation communication systems to face today’s concerns on economic and social fields. The reason for this sociological change is represented by the fact that the technologies have been open to all users, even if the latter do not necessarily have a specific knowledge in this field, and therefore the introduction of new user-friendly applications has now appeared as a business opportunity and a key factor to increase the general cohesion among all citizens. Within the actors of this technological evolution, wireless machine-to-machine (M2M) networks are becoming of great importance. These wireless networks are made up of interconnected low-power devices that are able to provide a great variety of services with little or even no user intervention. Examples of these services can be fleet management, fire detection, utilities consumption (water and energy distribution, etc.) or patients monitoring. However, since any arising technology goes together with its security threats, which have to be faced, further studies are necessary to secure wireless M2M technology. In this context, main threats are those related to attacks to the services availability and to the privacy of both the subscribers’ and the services providers’ data. Taking into account the often limited resources of the M2M devices at the hardware level, ensuring the availability and privacy requirements in the range of M2M applications while minimizing the waste of valuable resources is even more challenging. Based on the above facts, this Ph. D. thesis is aimed at providing efficient security solutions for wireless M2M networks that effectively reduce energy consumption of the network while not affecting the overall security services of the system. With this goal, we first propose a coherent taxonomy of M2M network that allows us to identify which security topics deserve special attention and which entities or specific services are particularly threatened. Second, we define an efficient, secure-data aggregation scheme that is able to increase the network lifetime by optimizing the energy consumption of the devices. Third, we propose a novel physical authenticator or frame checker that minimizes the communication costs in wireless channels and that successfully faces exhaustion attacks. Fourth, we study specific aspects of typical key management schemes to provide a novel protocol which ensures the distribution of secret keys for all the cryptographic methods used in this system. Fifth, we describe the collaboration with the WAVE2M community in order to define a proper frame format actually able to support the necessary security services, including the ones that we have already proposed; WAVE2M was funded to promote the global use of an emerging wireless communication technology for ultra-low and long-range services. And finally sixth, we provide with an accurate analysis of privacy solutions that actually fit M2M-networks services’ requirements. All the analyses along this thesis are corroborated by simulations that confirm significant improvements in terms of efficiency while supporting the necessary security requirements for M2M networks

An integrated security Protocol communication scheme for Internet of Things using the Locator/ID Separation Protocol Network

Internet of Things communication is mainly based on a machine-to-machine pattern, where devices are globally addressed and identified. However, as the number of connected devices increase, the burdens on the network infrastructure increase as well. The major challenges are the size of the routing tables and the efficiency of the current routing protocols in the Internet backbone. To address these problems, an Internet Engineering Task Force (IETF) working group, along with the research group at Cisco, are still working on the Locator/ID Separation Protocol as a routing architecture that can provide new semantics for the IP addressing, to simplify routing operations and improve scalability in the future of the Internet such as the Internet of Things. Nonetheless, The Locator/ID Separation Protocol is still at an early stage of implementation and the security Protocol e.g. Internet Protocol Security (IPSec), in particular, is still in its infancy. Based on this, three scenarios were considered: Firstly, in the initial stage, each Locator/ID Separation Protocol-capable router needs to register with a Map-Server. This is known as the Registration Stage. Nevertheless, this stage is vulnerable to masquerading and content poisoning attacks. Secondly, the addresses resolving stage, in the Locator/ID Separation Protocol the Map Server (MS) accepts Map-Request from Ingress Tunnel Routers and Egress Tunnel Routers. These routers in trun look up the database and return the requested mapping to the endpoint user. However, this stage lacks data confidentiality and mutual authentication. Furthermore, the Locator/ID Separation Protocol limits the efficiency of the security protocol which works against redirecting the data or acting as fake routers. Thirdly, As a result of the vast increase in the different Internet of Things devices, the interconnected links between these devices increase vastly as well. Thus, the communication between the devices can be easily exposed to disclosures by attackers such as Man in the Middle Attacks (MitM) and Denial of Service Attack (DoS). This research provided a comprehensive study for Communication and Mobility in the Internet of Things as well as the taxonomy of different security protocols. It went on to investigate the security threats and vulnerabilities of Locator/ID Separation Protocol using X.805 framework standard. Then three Security protocols were provided to secure the exchanged transitions of communication in Locator/ID Separation Protocol. The first security protocol had been implemented to secure the Registration stage of Locator/ID separation using ID/Based cryptography method. The second security protocol was implemented to address the Resolving stage in the Locator/ID Separation Protocol between the Ingress Tunnel Router and Egress Tunnel Router using Challenge-Response authentication and Key Agreement technique. Where, the third security protocol had been proposed, analysed and evaluated for the Internet of Things communication devices. This protocol was based on the authentication and the group key agreement via using the El-Gamal concept. The developed protocols set an interface between each level of the phase to achieve security refinement architecture to Internet of Things based on Locator/ID Separation Protocol. These protocols were verified using Automated Validation Internet Security Protocol and Applications (AVISPA) which is a push button tool for the automated validation of security protocols and achieved results demonstrating that they do not have any security flaws. Finally, a performance analysis of security refinement protocol analysis and an evaluation were conducted using Contiki and Cooja simulation tool. The results of the performance analysis showed that the security refinement was highly scalable and the memory was quite efficient as it needed only 72 bytes of memory to store the keys in the Wireless Sensor Network (WSN) device

Improvements to data transportation security in wireless sensor networks

Wireless Sensor Networks (WSNs) are computer networks consisting of miniaturisedelectronic devices that aim to gather and report information about their environment. Thedevices are limited in computational, data storage and communication ability. Furthermore,the devices communicate via a wireless, unregulated medium and usually operate on finitepower sources. Security in Wireless Sensor Networks is the research area that seeks toprovide adequate and energy-efficient security mechanisms for WSNs. Such provision isrequired in order to increase their range of possible applications and allow them to bedeployed in critical and valuable environments. Existing security mechanisms for largercomputer networks are inappropriate since they were not designed for the resourceconstrainedenvironment of WSNs. There are some purpose-built solutions but this researchhas found potential security or efficiency problems with each of them.This thesis contributes SecRose, a security mechanism for the data-transportation layer ofWireless Sensor Networks. The solution attempts to provide higher level of security thancurrently provided, without introduction of significant energy overheads and by retainingbackwards compatibility. SecRose achieves its security objectives by introducing a number ofinnovations and improvements.SecRose innovates in the provision of freshness and semantic security by altering the secretcryptographic keys. The process is managed at the transportation level by the basic keymanagement mechanism. The integrity and safety of the key-changing operation is achievedby authenticating all packets and their acknowledgements. This behaviour contrasts with otherproposals, which are based on openly transmitted Initialisation Vectors, and allows SecRoseto provide better security than most of them, including TinySec, the accepted standard.In addition, measurements show that SecRose provides better energy-efficiency than otherproposals. In particular, the solution requires less energy than TinySec in all cases and it caneven be more efficient than the base Operating System, the TinyOS, which does not provideany security at all

Improvements to data transportation security in wireless sensor networks

Wireless Sensor Networks (WSNs) are computer networks consisting of miniaturised electronic devices that aim to gather and report information about their environment. The devices are limited in computational, data storage and communication ability. Furthermore, the devices communicate via a wireless, unregulated medium and usually operate on finite power sources. Security in Wireless Sensor Networks is the research area that seeks to provide adequate and energy-efficient security mechanisms for WSNs. Such provision is required in order to increase their range of possible applications and allow them to be deployed in critical and valuable environments. Existing security mechanisms for larger computer networks are inappropriate since they were not designed for the resourceconstrained environment of WSNs. There are some purpose-built solutions but this research has found potential security or efficiency problems with each of them. This thesis contributes SecRose, a security mechanism for the data-transportation layer of Wireless Sensor Networks. The solution attempts to provide higher level of security than currently provided, without introduction of significant energy overheads and by retaining backwards compatibility. SecRose achieves its security objectives by introducing a number of innovations and improvements. SecRose innovates in the provision of freshness and semantic security by altering the secret cryptographic keys. The process is managed at the transportation level by the basic key management mechanism. The integrity and safety of the key-changing operation is achieved by authenticating all packets and their acknowledgements. This behaviour contrasts with other proposals, which are based on openly transmitted Initialisation Vectors, and allows SecRose to provide better security than most of them, including TinySec, the accepted standard. In addition, measurements show that SecRose provides better energy-efficiency than other proposals. In particular, the solution requires less energy than TinySec in all cases and it can even be more efficient than the base Operating System, the TinyOS, which does not provide any security at all.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Security and Privacy for Modern Wireless Communication Systems

The aim of this reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithm for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks