191 research outputs found

    Security in heterogeneous wireless networks

    The proliferation of a range of wireless devices, from the cheap low power resource starved sensor nodes to the ubiquitous cell phones and PDA's has resulted in their use in many applications. Due to their inherent broadcast nature Security and Privacy in wireless networks is harder than the wired networks. Along with the traditional security requirements like confidentiality, integrity and non-repudiation new requirements like privacy and anonymity are important in wireless networks. These factors combined with the fact that nodes in a wireless network may have different resource availabilities and trust levels makes security in wireless networks extremely challenging. The functional lifetime of sensor networks in general is longer than the operational lifetime of a single node, due to limited battery power. Therefore to keep the network working multiple deployments of sensor nodes are needed. In this thesis, we analyze the vulnerability of the existing key predistribution schemes arising out of the repeated use of fixed key information through multiple deployments. We also develop SCON, an approach for key management that provides a significant improvement in security using multiple key pools. SCON performs better in a heterogeneous environment. We present a key distribution scheme that allows mobile sensor nodes to connect with stationary nodes of several networks. We develop a key distribution scheme for a semi ad-hoc network of cell phones. This scheme ensures that cell phones are able to communicate securely with each other when the phones are unable to connect to the base station. It is different from the traditional ad hoc networks because the phones were part of a centralized network before the base station ceased to work. This allows efficient distribution of key material making the existing schemes for ad hoc networks ineffective. 
In this thesis we present a mechanism for implementing authenticated broadcasts which ensure non-repudiation using identity based cryptography. We also develop a reputation based mechanism for the distributed detection and revocation of malicious cell phones. Schemes which use the cell phone for secure spatial authentication have also been presented.

    Multiphase deployment models for fast self healing in wireless sensor networks

    The majority of studies on security in resource limited wireless sensor networks (WSN) focus on finding an efficient balance among energy consumption, computational speed and memory usage. Besides these resources, time is a relatively immature aspect that can be considered in system design and performance evaluations. In a recent study (Castelluccia and Spognardi, 2007), the time dimension is used to lower the ratio of compromised links, thus improving resiliency in key distribution in WSNs. This is achieved by making the old and possibly compromised keys useful only for a limited amount of time. In this way, the effect of compromised keys diminishes in time, so the WSN self-heals. In this study we further manipulate the time dimension and propose a deployment model that speeds up the resilience improvement process with a tradeoff between connectivity and resiliency. In our method, self healing speeds up by introducing nodes that belong to future generations in the time scale. In this way, the duration that the adversary can make use of compromised keys becomes smaller.

    Quarantine region scheme to mitigate spam attacks in wireless sensor networks

    The Quarantine Region Scheme (QRS) is introduced to defend against spam attacks in wireless sensor networks where malicious antinodes frequently generate dummy spam messages to be relayed toward the sink. The aim of the attacker is the exhaustion of the sensor node batteries and the extra delay caused by processing the spam messages. Network-wide message authentication may solve this problem with a cost of cryptographic operations to be performed over all messages. QRS is designed to reduce this cost by applying authentication only whenever and wherever necessary. In QRS, the nodes that detect a nearby spam attack assume themselves to be in a quarantine region. This detection is performed by intermittent authentication checks. Once quarantined, a node continuously applies authentication measures until the spam attack ceases. In the QRS scheme, there is a tradeoff between the resilience against spam attacks and the number of authentications. Our experiments show that, in the worst-case scenario that we considered, a not quarantined node catches 80 percent of the spam messages by authenticating only 50 percent of all messages that it processes.

    Key management for wireless sensor network security

    Wireless Sensor Networks (WSNs) have attracted great attention not only in industry but also in academia due to their enormous application potential and unique security challenges. A typical sensor network can be seen as a combination of a number of low-cost sensor nodes which have very limited computation and communication capability, memory space, and energy supply. The nodes are self-organized into a network to sense or monitor surrounding information in an unattended environment, while the self-organization property makes the networks vulnerable to various attacks. Many cryptographic mechanisms that solve network security problems rely directly on secure and efficient key management making key management a fundamental research topic in the field of WSNs security. Although key management for WSNs has been studied over the last years, the majority of the literature has focused on some assumed vulnerabilities along with corresponding countermeasures. Specific application, which is an important factor in determining the feasibility of the scheme, has been overlooked to a large extent in the existing literature. This thesis is an effort to develop a key management framework and specific schemes for WSNs by which different types of keys can be established and also can be distributed in a self-healing manner; explicit/implicit authentication can be integrated according to the security requirements of expected applications. The proposed solutions would provide reliable and robust security infrastructure for facilitating secure communications in WSNs. There are five main parts in the thesis. In Part I, we begin with an introduction to the research background, problems definition and overview of existing solutions. From Part II to Part IV, we propose specific solutions, including purely Symmetric Key Cryptography based solutions, purely Public Key Cryptography based solutions, and a hybrid solution. 
While there is always a trade-off between security and performance, analysis and experimental results prove that each proposed solution can achieve the expected security aims with acceptable overheads for some specific applications. Finally, we recapitulate the main contribution of our work and identify future research directions in Part V.

    Node clone detection using a stable overlay network

    Wireless sensor networks consist of a number of sensor nodes widely distributed in a particular region to communicate and share environmental information, and these data are stored in a central location for further data prediction. Such nodes are susceptible to cloning attack where the adversary captures a node, replicates with the same identity as that of the captured node and deploys the clone back into the network, causing severe harm to the network. Hence to thwart such attacks, a distributed detection protocol is used with initiator-observer-inspector roles assigned randomly for the nodes to witness the clone and thereby broadcast the evidence through a balanced overlay network. Use of such balanced network provides high security level and reduces the communication cost when compared to other overlay networks with a reasonably less storage consumption.

    Multipath Key Establishment for Wireless Sensor Networks Using Just-Enough Redundancy Transmission

    In random key predistribution techniques for wireless sensor networks, a relatively small number of keys are randomly chosen from a large key pool and are loaded on the sensors prior to deployment. After deployment, each sensor tries finding a common key shared by itself and each of its neighbors to establish a link key to protect the wireless communication between themselves. One intrinsic disadvantage of such techniques is that some neighboring sensors do not share any common key. In order to establish a link key among these neighbors, a multihop secure path may be used to deliver the secret. Unfortunately, the possibility of sensors being compromised on the path may render such an establishment process insecure. In this work, we propose and analyze the Just-Enough Redundancy Transmission (JERT) scheme that uses the powerful Maximum-Distance Separable (MDS) codes to address the problem. In the JERT scheme, the secret link key is encoded in (n, k) MDS code and transmitted through multiple multihop paths. To reduce the total information that needs to be transmitted, the redundant symbols of the MDS codes are transmitted only if the destination fails to decode the secret. The JERT scheme is demonstrated to be efficient and resilient against node capture. One salient feature of the JERT scheme is its flexibility of trading transmission for lower information disclosure