A novel routing approach for source location privacy in wireless sensor networks

Wireless sensor networks (WSNs) allows the world to use a technology for event supervision for several applications like military and civilian applications. Network privacy remained a prime concern in WSNs. Privacy of Source location is assumed to be one of the main un-tackled issues in privacy ofWSNs. Privacy of the source location is vital and highly jeopardized with the use of wireless communications. For WSNs, privacy of source location is become more complex by the fact that sensor nodes are low cost and energy efficient radio devices. So, use of computation intensive encryption methods and large scale broadcasting based algorithms are found to be unsuitable for WSNs. Several schemes have been proposed to ensure privacy of source location in WSNs. But, most of existing schemes depends on public-key cryptosystems, while others are either energy inefficient or have certain security flaws like leakage of information using directional attacks or traffic analysis attacks. In this thesis, we propose a novel dynamic routing based approach for preserving privacy of source location in WSNs, which injects fake packets in network and switches the real packet information among different routing patterns. It addresses the privacy of source location by considering the limited features of WSNs. Major contributions of this work includes two aspects. Firstly, different from the existing approaches, the proposed approach considers enhancing the security of nodes with minimal transmission delay and consumes power with minimum effect on the lifetime of the network. Secondly, the proposed approach is designed to defend many attacks like hop by hop, directional attacks by choosing a suitable path to send information from node to BS dynamically without affecting network life significantly. Thus, it becomes difficult for the attacker to find the exact path, and hence the original location of node. The proposed approach is implemented and validated by comparing its results with that of the existing approaches in the field of source location privacy in terms of Power consumption, Transmission delay, Safety period, and network lifetime. The analysis of comparative results indicates that the proposed approach is superior to the existing approaches in preserving the source location privacy

Context discovery using attenuated Bloom codes: model description and validation

A novel approach to performing context discovery in ad-hoc networks based on the use of attenuated Bloom filters is proposed in this report. In order to investigate the performance of this approach, a model has been developed. This document describes the model and its validation. The model has been implemented in Matlab, and results are also shown in this document. Attenuated Bloom filters appear to be a very promising approach for context discovery in ad hoc networks compared to conventional solutions. The results show that using attenuated Bloom filters in context discovery can well save traffic load in a fully distributed ad hoc network in practical situations

ERROR CORRECTION CODE-BASED EMBEDDING IN ADAPTIVE RATE WIRELESS COMMUNICATION SYSTEMS

In this dissertation, we investigated the methods for development of embedded channels within error correction mechanisms utilized to support adaptive rate communication systems. We developed an error correction code-based embedding scheme suitable for application in modern wireless data communication standards. We specifically implemented the scheme for both low-density parity check block codes and binary convolutional codes. While error correction code-based information hiding has been previously presented in literature, we sought to take advantage of the fact that these wireless systems have the ability to change their modulation and coding rates in response to changing channel conditions. We utilized this functionality to incorporate knowledge of the channel state into the scheme, which led to an increase in embedding capacity. We conducted extensive simulations to establish the performance of our embedding methodologies. Results from these simulations enabled the development of models to characterize the behavior of the embedded channels and identify sources of distortion in the underlying communication system. Finally, we developed expressions to define limitations on the capacity of these channels subject to a variety of constraints, including the selected modulation type and coding rate of the communication system, the current channel state, and the specific embedding implementation.Commander, United States NavyApproved for public release; distribution is unlimited

IEEE 802.11 user fingerprinting and its applications for intrusion detection

AbstractEasy associations with wireless access points (APs) give users temporal and quick access to the Internet. It needs only a few seconds to take their machines to hotspots and do a little configuration in order to have Internet access. However, this portability becomes a double-edged sword for ignorant network users. Network protocol analyzers are typically developed for network performance analysis. Nonetheless, they can also be used to reveal user’s privacy by classifying network traffic. Some characteristics in IEEE 802.11 traffic particularly help identify users. Like actual human fingerprints, there are also unique traffic characteristics for each network user. They are called network user fingerprints, by tracking which more than half of network users can be connected to their traffic even with medium access control (MAC) layer pseudonyms. On the other hand, the concept of network user fingerprint is likely to be a powerful tool for intrusion detection and computer/digital forensics. As with actual criminal investigations, comparison of sampling data to training data may increase confidence in criminal specification. This article focuses on a survey on a user fingerprinting technique of IEEE 802.11 wireless LAN traffic. We also summarize some of the researches on IEEE 802.11 network characteristic analysis to figure out rogue APs and MAC protocol misbehaviors

LSCD : A Low-Storage Clone Detection Protocol for Cyber-Physical Systems

Cyber-physical systems (CPSs) have recently become an important research field not only because of their important and varied application scenarios, including transportation systems, smart homes, surveillance systems, and wearable devices but also because the fundamental infrastructure has yet to be well addressed. Wireless sensor networks (WSNs), as a type of supporting infrastructure, play an irreplaceable role in CPS design. Specifically, secure communication in WSNs is vital because information transferred in the networks can be easily stolen or replaced. Therefore, this paper presents a novel distributed low-storage clone detection protocol (LSCD) for WSNs. We first design a detection route along the perpendicular direction of a witness path with witness nodes deployed in a ring path. This ensures that the detection route must encounter the witness path because the distance between any two detection routes must be smaller than the witness path length. In the LSCD protocol, clone detection is processed in a nonhotspot region where a large amount of energy remains, which can improve energy efficiency as well as network lifetime. Extensive simulations demonstrate that the lifetime, storage requirements, and detection probability of our protocol are substantially improved over competing solutions from the literature

Mecanismos de facturação segura em redes auto-organizadas

Mestrado em Engenharia Electrónica e TelecomunicaçõesAs redes ad-hoc e as redes auto-organizadas constituem uma área de investigação com grande interesse. Estas redes são uteis em cenários onde seja necessária uma rede de baixo custo, elevada adaptabilidade e reduzido tempo de criação. As redes infra-estruturadas, tendo uma gestão centralizada, estão agora a começar a adoptar os conceitos de redes autoorganizadas nas suas arquitecturas. Ao contrário dos sistemas centralizados, redes auto-organizadas requerem que todos os terminais participantes operem de acordo com o melhor interesse da rede. O facto de, em redes ad-hoc, os equipamentos possuírem recursos limitados, pôe em causa este requisito levando a comportamentos egoístas. Este comportamento é espectavel criando problemas nas redes auto-organizativas, ameaçando o funcionamento de uma rede inteira. Algumas propostas foram ja criadas de modo a motivar a sua utilização correcta. Destas, algumas são baseadas em trocas de credito entre utilizadores, outras preveêm a existência de entidades gestoras de creditos. Estas ultimas propostas, que irão ser o foco desta dissertação, permitem a facil integração de redes ad-hoc com redes infra-estruturadas e geridas por um operador. Este trabalho descreve o estado da arte actual e, com algum detalhe, os métodos utilizados e as solucões relevantes para esta area. São propostas duas novas soluções de taxação para estas redes. Ambas as soluções possibilitam a integração das redes com metodos de taxação habituais em redes geridas por operadores. Para além disto, a motivação à participaçãao é aumentada através de incentivos ao encaminhamento de pacotes. Todos os processos são criptograficamente seguros através da utilização de métodos standard como DSA sobre Curvas Elípticas e funções de síntese robustas. As soluções propostas são descritas analiticamente e analisadas, sendo os os resultados obtidos comparados com outra proposta do estado da arte. Um exaustivo trabalho de simulação é igualmente descrito de forma a avaliar as soluções em cenários mais complexos. Os resultados obtidos em simulação são avaliados tendo em conta a variação de várias métricas como mobilidade, carga na rede, protocolo de encaminhamento e protocolo de transporte. No final, a arquitectura, implementação e resultados obtidos com uma implementação real de uma das propostas e os seus resultados analisados.Self-organised and ad-hoc networks are an area with an existing large research community. These networks are much useful in scenarios requiring a rapidly deployed, low cost and highly adaptable network. Recently, infrastructure networks, which are managed in a much centralised form, are starting to introduce concepts of self-organised networks in its architecture. In opposition to centralised systems, self-organisation creates the necessity for all nodes to behave according to the best interest of the network. The fact that in many ad-hoc networks nodes have scarce resources poses some threats to this requirement. As resources decreases, such as battery or wireless bandwidth, nodes can start acting selfishly. This behaviour is known to bring damage to self-organised networks and threatens the entire network. Several proposals were made in order to promote the correct usage of the network. Some proposals are based on local information and direct credit exchange while others envision the existence of a central bank. The later solutions are further elaborated in this thesis, as they make possible integration of ad-hoc network with operator driven infrastructures. This work presents the current state-of-the-art on the area providing a detailed insight on the methods adopted by each solution presented. Two novel solutions are proposed providing charging support for integrated ad-hoc networks. Both solutions provide means of integration with standard management methods found in operator networks. Also, node´s motivation is increased through the reward of nodes forwarding data packets. The entire process is cryptographically secure, making use of standard methods such as Elliptic Curve DSA and strong digest functions. The solutions proposed are described and analysed analytically, comparing the results with other state-of-the-art proposals. Extensive simulation work is also presented which furthers evaluates the solutions in complex scenarios. Results are obtained from these scenarios and several metrics are evaluated taking in consideration mobility, network load, routing protocol and transport protocol. The architecture and results obtained with a real implementation are finally presented and analysed

Message traceback systems dancing with the devil

The research community has produced a great deal of work in recent years in the areas of IP, layer 2 and connection-chain traceback. We collectively designate these as message traceback systems which, invariably aim to locate the origin of network data, in spite of any alterations effected to that data (whether legitimately or fraudulently). This thesis provides a unifying definition of spoofing and a classification based on this which aims to encompass all streams of message traceback research. The feasibility of this classification is established through its application to our literature review of the numerous known message traceback systems. We propose two layer 2 (L2) traceback systems, switch-SPIE and COTraSE, which adopt different approaches to logging based L2 traceback for switched ethernet. Whilst message traceback in spite of spoofing is interesting and perhaps more challenging than at first seems, one might say that it is rather academic. Logging of network data is a controversial and unpopular notion and network administrators don't want the added installation and maintenance costs. However, European Parliament Directive 2006/24/EC requires that providers of publicly available electronic communications networks retain data in a form similar to mobile telephony call records, from April 2009 and for periods of up to 2 years. This thesis identifies the relevance of work in all areas of message traceback to the European data retention legislation. In the final part of this thesis we apply our experiences with L2 traceback, together with our definitions and classification of spoofing to discuss the issues that EU data retention implementations should consider. It is possible to 'do logging right' and even safeguard user privacy. However this can only occur if we fully understand the technical challenges, requiring much further work in all areas of logging based, message traceback systems. We have no choice but to dance with the devil.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Preserving Source-Location Privacy through Redundant Fog Loop for Wireless Sensor Networks

A redundant fog loop-based scheme is proposed to preserve the source node-location privacy and achieve energy efficiency through two important mechanisms in wireless sensor networks (WSNs). The first mechanism is to create fogs with loop paths. The second mechanism creates fogs in the real source node region as well as many interference fogs in other regions of the network. In addition, the fogs are dynamically changing, and the communication among fogs also forms the loop path. The simulation results show that for medium-scale networks, our scheme can improve the privacy security by 8 fold compared to the phantom routing scheme, whereas the energy efficiency can be improved by 4 fold.Location: Liverpool, UNITED KINGDOMDate: OCT 26-28, 201

Source location privacy in wireless sensor networks under practical scenarios : routing protocols, parameterisations and trade-offs

As wireless sensor networks (WSNs) have been applied across a spectrum of application domains, source location privacy (SLP) has emerged as a significant issue, particularly in security-critical situations. In seminal work on SLP, several protocols were proposed as viable approaches to address the issue of SLP. However, most state-of-the-art approaches work under specific network assumptions. For example, phantom routing, one of the most popular routing protocols for SLP, assumes a single source. On the other hand, in practical scenarios for SLP, this assumption is not realistic, as there will be multiple data sources. Other issues of practical interest include network configurations. Thus, thesis addresses the impact of these practical considerations on SLP. The first step is the evaluation of phantom routing under various configurations, e.g., multiple sources and network configurations. The results show that phantom routing does not scale to handle multiple sources while providing high SLP at the expense of low messages yield. Thus, an important issue arises as a result of this observation that the need for a routing protocol that can handle multiple sources. As such, a novel parametric routing protocol is proposed, called phantom walkabouts, for SLP for multi-source WSNs. A large-scale experiments are conducted to evaluate the efficiency of phantom walkabouts. The main observation is that phantom walkabouts can provide high level of SLP at the expense of energy and/or data yield. To deal with these trade-offs, a framework that allows reasoning about trade-offs needs to develop. Thus, a decision theoretic methodology is proposed that allows reasoning about these trade-offs. The results showcase the viability of this methodology via several case studies

Protecting Contextual Information in WSNs: Source- and Receiver-Location Privacy Solutions

La privacidad es un derecho fundamental recogido por numerosas leyes y tratados entre los que destaca la Declaración Universal de los Derechos Humanos de las Naciones Unidas. Sin embargo, este derecho fundamental se ha visto vulnerado en numerosas ocasiones a lo largo de la historia; y el desarrollo de la tecnología, en especial la mejora de los sistemas de recolección, analisis y diseminación de información, han tenido gran parte de culpa. En la actualidad nos encontramos en un punto en el que el desarrollo y despliegue de sistemas ubicuos, encabezados por las redes inalámbricas de sensores, puede llegar a suponer un riesgo de privacidad sin precedentes dada su capacidad para recolectar información en cantidades y situaciones hasta el momento insospechadas. Existe, por tanto, una urgente necesidad de desarrollar mecanismos capaces de velar por nuestra información más sensible. Es precisamente éste uno de los objetivos principales de la presente tesis doctoral: facilitar la integración de las redes inalámbricas de sensores en nuestro día a día sin que éstas supongan un grave riesgo de privacidad. Esta tesis se centra en un problema de privacidad particular que viene derivado de la naturaleza inalámbrica de las comunicaciones y de la necesidad imperiosa de ahorrar energía que existe en estas redes de recursos restringidos. Para las redes de sensores, las comunicaciones suponen un gran porcentaje del presupuesto energético y, por ello, los protocolos de encaminamiento empleados tienden a minimizarlas, utilizando protocolos de camino óptimo. Aprovechándose de esta situación, un observador podría, mediante técnicas de análisis de tráfico no demasiado sofisticadas, y sin necesidad de descifrar el contenido de los paquete, determinar el origen y el destino de las comunicaciones. Esto supone, al igual que en los sistemas de comunicación tradicionales, un grave riesgo para la privacidad. Dado que el problema de la privacidad de localización en redes de sensores se reduce a una cuestión de análisis de tráfico, parece razonable pensar que las soluciones desarrolladas a tal fin en redes de computadores pueden ser de utilida. Sin embargo, esta hipótesis ha sido rechazada en varias ocasiones con argumentos vagos al respecto de las limitaciones computacionales y energéticas de las redes de sensores. Nosotros consideramos que esto no es motivo suficiente para descartar estas soluciones ya que, a pesar de la tendencia actual, en el futuro podríamos tener nodos sensores de gran capacidad. Por ello, uno de los objetivos de esta tesis ha sido realizar un análisis exhaustivo sobre la aplicabilidad de estas soluciones al ámbito de las redes de sensores, centrándonos no sólo en los requisitos computacionales sino también en las propiedades de anonimato que se persiguen, en los modelos de atacante y en las posibles limitaciones que podrían derivarse de su aplicación. Por otra parte, se ha realizado un amplio análisis de las soluciones de privacidad de localización existentes para redes de sensores. Este análisis no se ha centrado únicamente en estudiar las técnicas de protección de empleadas sino que además se ha esforzado en destacar las ventajas e inconvenientes de las distintas soluciones. Esto ha permitido desarrollar una completa taxonomía en varios niveles basada en los recursos que se desean proteger, los modelos de adversario a los que hacer frente y las principales características o técnicas empleadas por las diferentes soluciones. Además, a partir de esto se han detectado una serie de problemas abiertos y puntos de mejora del estado del arte actual, que se han plasmado en dos nuevas soluciones; una de las soluciones se ha centrado en la protección de la localización del origen de datos, mientras que la otra se ha enfocado a la protección de la estación base. Ambas soluciones tienen en cuenta atacantes con un rango de escucha parcial y capaces de desplazarse en el terreno para observar las comunicaciones en diferentes zonas de la red. La primera de las soluciones desarrolladas parte de la observación de que los mecanismos actuales se basan principalmente en el envío de paquetes siguiendo caminos aleatorios sin ningún conocimiento acerca de si estos caminos son realmente efectivos para hacer frente a un atacante local. La idea detrás de CALP es aprovechar la capacidad que tienen las redes de sensores para sentir lo que pasa en su entorno para desarrollar mecanismos de protección más inteligentes utilizando información acerca del atacante. De esta forma, se consigue reducir drásticamente el consumo energético de la solución y al mismo tiempo se reduce el retraso de las comunicaciones, ya que el mecanismo sólo se activa ante la presencia de un atacante. Aunque esta idea se ha aplicado únicamente a la protección de los nodos origen de datos, sus características indican que también sería posible aplicarla con éxito a la protección de la estación base. La segunda solución surge tras observar que las soluciones para proteger la estación base son demasiado costosas a nivel energético o, en su defecto, revelan información sobre su localización. Además, hasta la fecha ninguna solución había tenido en cuenta que si un atacante obtiene las tablas de rutas de un nodo obtiene información sobre la estación base. Nuestra solución, HISP-NC, se basa en dos mecanismos complementarios que, por un lado, hacen frente a ataques de análisis de tráfico y, por otro lado, protegen frente al nuevo modelo de atacante desarrollado. El primer mecanismo se basa en la homogeneización del tráfico en el entorno del camino y el segundo en la perturbación de la tabla de rutas, de manera que se dificulta el ataque al tiempo que se asegura la llegada de datos a la estación base