148 research outputs found

    Stability-Based Topology Control in Wireless Mesh Networks

    Key Generation in Wireless Sensor Networks Based on Frequency-selective Channels - Design, Implementation, and Analysis

    Key management in wireless sensor networks faces several new challenges. The scale, resource limitations, and new threats such as node capture necessitate the use of an on-line key generation by the nodes themselves. However, the cost of such schemes is high since their secrecy is based on computational complexity. Recently, several research contributions justified that the wireless channel itself can be used to generate information-theoretic secure keys. By exchanging sampling messages during movement, a bit string can be derived that is only known to the involved entities. Yet, movement is not the only possibility to generate randomness. The channel response is also strongly dependent on the frequency of the transmitted signal. In our work, we introduce a protocol for key generation based on the frequency-selectivity of channel fading. The practical advantage of this approach is that we do not require node movement. Thus, the frequent case of a sensor network with static motes is supported. Furthermore, the error correction property of the protocol mitigates the effects of measurement errors and other temporal effects, giving rise to an agreement rate of over 97%. We show the applicability of our protocol by implementing it on MICAz motes, and evaluate its robustness and secrecy through experiments and analysis. Comment: Submitted to IEEE Transactions on Dependable and Secure Computin

    A scheme for efficient peer-to-peer live video streaming over wireless mesh networks

    Peers in a Peer-to-Peer (P2P) live video streaming system over hybrid wireless mesh networks (WMNs) enjoy high video quality when both random network coding (RNC) and an efficient hybrid routing protocol are employed. Although RNC is the most recently used method of efficient video streaming, it imposes high transmission overhead and decoding computational complexity on the network which reduces the perceived video quality. Besides that, RNC cannot guarantee a non-existence of linear dependency in the generated coefficients matrix. In WMNs, node mobility has not been efficiently addressed by current hybrid routing protocols that increase video distortion which would lead to low video quality. In addition, these protocols cannot efficiently support nodes which operate in infrastructure mode. Therefore, the purpose of this research is to propose a P2P live video streaming scheme which consists of two phases followed by the integration of these two phases known as the third phase to provide high video quality in hybrid WMNs. In the first phase, a novel coefficients matrix generation and inversion method has been proposed to address the mentioned limitations of RNC. In the second phase, the proposed enhanced hybrid routing protocol was used to efficiently route video streams among nodes using the most stable path with low routing overhead. Moreover, this protocol effectively supports mobility and nodes which operate in infrastructure mode by exploiting the advantages of the designed locator service. Results of simulations from the first phase showed that video distortion as the most important performance metric in live video streaming, had improved by 36 percent in comparison with current RNC method which employs the Gauss-Jordan Elimination (RNC-GJE) method in decoding. Other metrics including frame dependency distortion, initial start-up delay and end-to-end delay have also improved using the proposed method. Based on previous studies, although Reactive (DYMO) routing protocol provides better performance than other existing routing protocols in a hybrid WMN, the proposed protocol in the second phase had average improvements in video distortion of l86% for hybrid wireless mesh protocol (HWMP), 49% for Reactive (Dynamic MANET On-Demand-DYMO), 75% for Proactive (Optimized Link State Routing-OLSR), and 60% for Ad-hoc on-demand Distance Vector Spanning-Tree (AODV-ST). Other metrics including end-to-end delay, packet delay variation, routing overhead and number of delivered video frames have also improved using the proposed protocol. Finally, the third phase, an integration of the first two phases has proven to be an efficient scheme for high quality P2P live video streaming over hybrid WMNs. This video streaming scheme had averagely improved video distortion by 41%, frame dependency distortion by 50%, initial start-up delay by 15% and end-to-end delay by 33% in comparison with the average introduced values by three other considered integration cases which are Reactive and RNC-GJE, Reactive and the first phase, the second phase and RNC-GJE

    Localization in Wireless Sensor Networks and Anchor Placement

    Applications of wireless sensor network (WSN) often expect knowledge of the precise location of the nodes. Many different localization protocols have been proposed that allow nodes to derive their location rather than equipping them with dedicated localization hardware such as GPS receivers, which increases node costs. We provide a brief survey of the major approaches to software-based node localization in WSN. One class of localization protocols with good localization performance patches together relative-coordinate, local maps into a global-coordinate map. These protocols require some nodes that know their absolute coordinates, called anchor nodes. While many factors influence the node position errors, in this class of protocols, using Procrustes Analysis, the placement of the anchor nodes can significantly impact the error. Through simulation, using the Curvilinear Component Analysis (CCA-MAP) protocol as a representative protocol in this category, we show the impact of anchor node placement and propose a set of guidelines to ensure the best possible outcome, while using the smallest number of anchor nodes possible

    ABDKS Attribute-Based Encryption with Dynamic Keyword Search in Fog Computing

    Attribute-based encryption with keyword search (ABKS) achieves both fine-grained access control and keyword search. However, in the previous ABKS schemes, the search algorithm requires that each keyword between the target keyword set and the ciphertext keyword set be the same, otherwise the algorithm doesn't output any search result, which is not conducive to use. Moreover, the previous ABKS schemes are vulnerable to what we call a peer-decryption attack, that is, the ciphertext may be eavesdropped and decrypted by an adversary who has sufficient authorities but no information about the ciphertext keywords. In this paper, we provide a new system in fog computing, the ciphertext-policy attribute-based encryption with dynamic keyword search (ABDKS). In ABDKS, the search algorithm requires only one keyword to be identical between the two keyword sets and outputs the corresponding correlation which reflects the number of the same keywords in those two sets. In addition, our ABDKS is resistant to peer-decryption attack, since the decryption requires not only sufficient authority but also at least one keyword of the ciphertext. Beyond that, the ABDKS shifts most computational overheads from resource constrained users to fog nodes. The security analysis shows that the ABDKS can resist Chosen-Plaintext Attack (CPA) and Chosen-Keyword Attack (CKA)

    Resilient Routing for Sensor Networks Using Hyperbolic Embedding of Universal Covering Space

    Abstract—We study how to characterize the families of paths between any two nodes s, t in a sensor network with holes. Two paths that can be deformed to one another through local changes are called homotopy equivalent. Two paths that pass around holes in different ways have different homotopy types. With a distributed algorithm we compute an embedding of the network in hyperbolic space by using Ricci flow such that paths of different homotopy types are mapped naturally to paths connecting s with different images of t. Greedy routing to a particular image is guaranteed with success to find a path with a given homotopy type. This leads to simple greedy routing algorithms that are resilient to both local link dynamics and large scale jamming attacks and improve load balancing over previous greedy routing algorithms.

    SoK: Cryptographically Protected Database Search

    Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly; systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions: 1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms. 2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality. 3) An analysis of attacks against protected search for different base queries. 4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search. Comment: 20 pages, to appear to IEEE Security and Privac

    Trustnet: a Trust and Reputation Management System in Distributed Environments

    With emerging Internet-scale open content and resource sharing, social networks, and complex cyber-physical systems, trust issues become prominent. Despite their rigorous foundations, conventional network security theories and mechanisms are inadequate at addressing such loosely-defined security issues in decentralized open environments. In this dissertation, we propose a trust and reputation management system architecture and protocols (TrustNet), aimed to define and promote trust as a first-class system parameter on par with communication, computation, and storage performance metrics. To achieve such a breakthrough, we need a fundamentally new design paradigm to seamlessly integrate trust into system design. Our TrustNet initiative represents a bold effort to approach this ultimate goal. TrustNet is built on the top of underlying P2P and mobile ad hoc network layer and provides trust services to higher level applications and middleware. Following the TrustNet architecture, we design, implement, and analyze trust rating, trust aggregation, and trust management strategies. Especially, we propose three trust dissemination protocols and algorithms to meet the urgent needs and explicitly define and formulate end-to-end trust. We formulate trust management problems and propose the H-Trust, VectorTrust, and cTrust scheme to handle trust establishment and aggregation issues. We model trust relations as a trust graph in distributed environment to enhance accuracy and efficiency of trust establishment among peers. Leveraging the distributed Bellman-Ford algorithm, stochastic Markov chain process and H-Index algorithm for fast and lightweight aggregation of trust scores, our schemes are decentralized and self-configurable trust aggregation schemes. To evaluate TrustNet management strategies, we simulated our proposed protocols in both unstructured P2P network and mobile ad hoc network to analyze and simulate trust relationships. We use software generated data as well as real world data sets. Particularly, the student contact patterns on the NUS campus are used as our trust communication model. The simulation results demonstrate the features of trust relationship dissemination in real environments and the efficiency, accuracy, scalability and robustness of the TrustNet system. Computer Science Departmen

    IoTBeholder: A Privacy Snooping Attack on User Habitual Behaviors from Smart Home Wi-Fi Traffic

    With the deployment of a growing number of smart home IoT devices, privacy leakage has become a growing concern. Prior work on privacy-invasive device localization, classification, and activity identification have proven the existence of various privacy leakage risks in smart home environments. However, they only demonstrate limited threats in real world due to many impractical assumptions, such as having privileged access to the user's home network. In this paper, we identify a new end-to-end attack surface using IoTBeholder, a system that performs device localization, classification, and user activity identification. IoTBeholder can be easily run and replicated on commercial off-the-shelf (COTS) devices such as mobile phones or personal computers, enabling attackers to infer user's habitual behaviors from smart home Wi-Fi traffic alone. We set up a testbed with 23 IoT devices for evaluation in the real world. The result shows that IoTBeholder has good device classification and device activity identification performance. In addition, IoTBeholder can infer the users' habitual behaviors and automation rules with high accuracy and interpretability. It can even accurately predict the users' future actions, highlighting a significant threat to user privacy that IoT vendors and users should highly concern