Heterogeneous Distributed Sensor Networks (HDSN)

A new deployment model of distributed sensor network is presented where sensors with different functional types participate at the same time. In this model the sensors are associated with different deployment sets but they cooperate with each other within and out of their respective sets. We term this network model as Heterogeneous Distributed Sensor Network (HDSN). The heterogeneity here refers to the functional heterogeneity of the sensors participating in the network. The advantages of such network model and potential research scopes are also discussed

Multiple Bridge Secret Delivery in Wireless Sensor Networks

Achieving security in wireless sensor networks is a challenging problem due to the inherent resource and computing constraints. Several key distribution techniques have been proposed in the technical literature for efficient distribution of keys to the nodes prior deployment. These techniques establish secure links for some pairs of physically connected nodes but leave other pairs alone. Remaining nodes use multi-hop scheme to form a secured path connecting these links. Using this technique, the secret is disclosed to all the nodes on the path. Therefore, if any of the nodes is compromised by an adversary, secret is disclosed to the adversary. To solve this problem, a scheme called Babel was proposed recently that finds common bridge node to deliver secret link keys to their neighbors. In this scheme regular paths are used to deliver multiple keys with the common bridge node, hence key compromise probability is lowered compared to previous techniques. Our work is based on the Babel scheme and has several advantages. In our work we propose a new scheme that finds multiple bridge nodes to deliver secret link keys to all its physical neighbors. Keys are distributed to multiple bridge nodes instead of one common bridge node to establish secure connections to the disconnected nodes. Hence even if a few of the bridge nodes are compromised, secret will not be disclosed to the adversary. We present the details of our scheme's design and investigate the connectivity and security performance of our scheme in this thesis

Software based deployment of encryption keys in wireless sensor networks.

Sensor networks are just in their infancy. Their use will continue to grow as the technology becomes cheaper and more efficient. A current shortcoming with sensor networks is the inability to efficiently provide secure communications. As sensor networks are deployed to monitor and control systems, the security of communications will become a more important. This thesis proposes a new approach to key establishment and renewal through the use of point-to-point keys and software verification and validation to ensure the integrity of two nodes. Sensor networks exist on limited resources, so power efficiency is a concern. The proposed protocol allows for the use of small keys instead of large pre-distributed keys. This thesis explores the design and implementation of a new point-to-point key generation and renewal algorithm. The main contribution is the development of an algorithm that utilizes a software integrity check to ensure the validity of a node. The thesis also utilizes a simulated sensor network to test and validate the new software algorithm

Establishing pair-wise keys in heterogeneous sensor networks

Abstract — Many applications that make use of sensor networks require secure communication. Because asymmetric-key solutions are difficult to implement in such a resource-constrained environment, symmetric-key methods coupled with a priori key distribution schemes have been proposed to achieve the goals of data secrecy and integrity. These approaches typically assume that all sensors are similar in terms of capabilities, and hence deploy the same number of keys in all sensors in a network to provide the aforementioned protections. In this paper we demonstrate that a probabilistic unbalanced distribution of keys throughout the network that leverages the existence of a small percentage of more capable sensor nodes can not only provide an equal level of security but also reduce the consequences of node compromise. We demonstrate the effectiveness of this approach on small networks using a variety of trust models and then demonstrate the application of this method to very large systems. The approach and analysis presented in this paper can be applied to all protocols that use probabilistic keys including those that employ broadcast mechanisms, hash functions or polynomials for the generation of keys

Secure and Private Data Aggregation in WSN

Data aggregation is an important efficiency mechanism for large scale, resource constrained networks such as wireless sensor networks (WSN). Security and privacy are central for many data aggregation applications: (1) entities make decisions based on the results of the data aggregation, so the entities need to be assured that the aggregation process and in particular the aggregate data they receive has not been corrupted (i.e., verify the integrity of the aggregation); (2) If the aggregation application has been attacked, then the attack must be handled efficiently; (3) the privacy requirements of the sensor network must be preserved. The nature of both wireless sensor networks and data aggregation make it particularly challenging to provide the desired security and privacy requirements: (1) sensors in WSN can be easily compromised and subsequently corrupted by an adversary since they are unmonitored and have little physical security; (2) a malicious aggregator node at the root of an aggregation subtree can corrupt not just its own value but also that of all the nodes in its entire aggregation subtree; (3) since sensors have limited resourced, it is crucial to achieve the security objectives while adopting only cheap symmetric-key based operations and minimizing communication cost. In this thesis, we first address the problem of efficient handling of adversarial attacks on data aggregation applications in WSN. We propose and analyze a detection and identification solution, presenting a precise cost-based characterization when in-network data aggregation retains its assumed benefits under persistent attacks. Second, we address the issue of data privacy in WSN in the context of data aggregation. We introduce and analyze the problem of privacy-preserving integrity-assured data aggregation (PIA) and show that there is an inherent tension between preservation of data privacy and secure data aggregation. Additionally, we look at the problem of PIA in publish-subscribe networks when there are multiple, collaborative yet competing subscribers

A privacy preserving framework for cyber-physical systems and its integration in real world applications

A cyber-physical system (CPS) comprises of a network of processing and communication capable sensors and actuators that are pervasively embedded in the physical world. These intelligent computing elements achieve the tight combination and coordination between the logic processing and physical resources. It is envisioned that CPS will have great economic and societal impact, and alter the qualify of life like what Internet has done. This dissertation focuses on the privacy issues in current and future CPS applications. as thousands of the intelligent devices are deeply embedded in human societies, the system operations may potentially disclose the sensitive information if no privacy preserving mechanism is designed. This dissertation identifies data privacy and location privacy as the representatives to investigate the privacy problems in CPS. The data content privacy infringement occurs if the adversary can determine or partially determine the meaning of the transmitted data or the data stored in the storage. The location privacy, on the other hand, is the secrecy that a certain sensed object is associated to a specific location, the disclosure of which may endanger the sensed object. The location privacy may be compromised by the adversary through hop-by-hop traceback along the reverse direction of the message routing path. This dissertation proposes a public key based access control scheme to protect the data content privacy. Recent advances in efficient public key schemes, such as ECC, have already shown the feasibility to use public key schemes on low power devices including sensor motes. In this dissertation, an efficient public key security primitives, WM-ECC, has been implemented for TelosB and MICAz, the two major hardware platform in current sensor networks. WM-ECC achieves the best performance among the academic implementations. Based on WM-ECC, this dissertation has designed various security schemes, including pairwise key establishment, user access control and false data filtering mechanism, to protect the data content privacy. The experiments presented in this dissertation have shown that the proposed schemes are practical for real world applications. to protect the location privacy, this dissertation has considered two adversary models. For the first model in which an adversary has limited radio detection capability, the privacy-aware routing schemes are designed to slow down the adversary\u27s traceback progress. Through theoretical analysis, this dissertation shows how to maximize the adversary\u27s traceback time given a power consumption budget for message routing. Based on the theoretical results, this dissertation also proposes a simple and practical weighted random stride (WRS) routing scheme. The second model assumes a more powerful adversary that is able to monitor all radio communications in the network. This dissertation proposes a random schedule scheme in which each node transmits at a certain time slot in a period so that the adversary would not be able to profile the difference in communication patterns among all the nodes. Finally, this dissertation integrates the proposed privacy preserving framework into Snoogle, a sensor nodes based search engine for the physical world. Snoogle allows people to search for the physical objects in their vicinity. The previously proposed privacy preserving schemes are applied in the application to achieve the flexible and resilient privacy preserving capabilities. In addition to security and privacy, Snoogle also incorporates a number of energy saving and communication compression techniques that are carefully designed for systems composed of low-cost, low-power embedded devices. The evaluation study comprises of the real world experiments on a prototype Snoogle system and the scalability simulations

Formal modelling and analysis of denial of services attacks in wireless sensor networks

Wireless Sensor Networks (WSNs) have attracted considerable research attention in recent years because of the perceived potential benefits offered by self-organising, multi-hop networks consisting of low-cost and small wireless devices for monitoring or control applications in di±cult environments. WSN may be deployed in hostile or inaccessible environments and are often unattended. These conditions present many challenges in ensuring that WSNs work effectively and survive long enough to fulfil their functionalities. Securing a WSN against any malicious attack is a particular challenge. Due to the limited resources of nodes, traditional routing protocols are not appropriate in WSNs and innovative methods are used to route data from source nodes to sink nodes (base stations). To evaluate the routing protocols against DoS attacks, an innovative design method of combining formal modelling and computer simulations has been proposed. This research has shown that by using formal modelling hidden bugs (e.g. vulnerability to attacks) in routing protocols can be detected automatically. In addition, through a rigorous testing, a new routing protocol, RAEED (Robust formally Analysed protocol for wirEless sEnsor networks Deployment), was developed which is able to operate effectively in the presence of hello flood, rushing, wormhole, black hole, gray hole, sink hole, INA and jamming attacks. It has been proved formally and using computer simulation that the RAEED can pacify these DoS attacks. A second contribution of this thesis relates to the development of a framework to check the vulnerability of different routing protocols against Denial of Service(DoS) attacks. This has allowed us to evaluate formally some existing and known routing protocols against various DoS attacks iand these include TinyOS Beaconing, Authentic TinyOS using uTesla, Rumour Routing, LEACH, Direct Diffusion, INSENS, ARRIVE and ARAN protocols. This has resulted in the development of an innovative and simple defence technique with no additional hardware cost for deployment against wormhole and INA attacks. In the thesis, the detection of weaknesses in INSENS, Arrive and ARAN protocols was also addressed formally. Finally, an e±cient design methodology using a combination of formal modelling and simulation is propose to evaluate the performances of routing protocols against DoS attacks

Group-based secure communication for wireless sensor networks

Wireless Sensor Networks (WSNs) are a newly developed networking technology consisting of multifunctional sensor nodes that are small in size and communicate over short distances. Continuous growth in the use of Wireless Sensor Networks (WSN) in sensitive applications such as military or hostile environments and also generally has resulted m a requirement for effective security mechanisms in the system design In order to protect the sensitive data and the sensor readings, shared keys should be used to encrypt the exchanged messages between communicating nodes. Many key management schemes have been developed recently and a serious threat highlighted in all of these schemes is that of node capture attacks, where an adversary gains full control over a sensor node through direct physical access. This can lead an adversary to compromise the communication of an entire WSN. Additionally ignoring security issues related to data aggregation can also bring large damage to WSNs. Furthermore, in case an aggregator node, group leader or cluster head node fails there should be a secure and efficient way of electing or selecting a new aggregator or group leader node in order to avoid adversary node to be selected as a new group leader. A key management protocol for mobile sensor nodes is needed to enable them to securely communicate and authenticate with the rest of the WSN