Solutions and Tools for Secure Communication in Wireless Sensor Networks

Secure communication is considered a vital requirement in Wireless Sensor Network (WSN) applications. Such a requirement embraces different aspects, including confidentiality, integrity and authenticity of exchanged information, proper management of security material, and effective prevention and reaction against security threats and attacks. However, WSNs are mainly composed of resource-constrained devices. That is, network nodes feature reduced capabilities, especially in terms of memory storage, computing power, transmission rate, and energy availability. As a consequence, assuring secure communication in WSNs results to be more difficult than in other kinds of network. In fact, trading effectiveness of adopted solutions with their efficiency becomes far more important. In addition, specific device classes or technologies may require to design ad hoc security solutions. Also, it is necessary to efficiently manage security material, and dynamically cope with changes of security requirements. Finally, security threats and countermeasures have to be carefully considered since from the network design phase. This Ph.D. dissertion considers secure communication in WSNs, and provides the following contributions. First, we provide a performance evaluation of IEEE 802.15.4 security services. Then, we focus on the ZigBee technology and its security services, and propose possible solutions to some deficiencies and inefficiencies. Second, we present HISS, a highly scalable and efficient key management scheme, able to contrast collusion attacks while displaying a graceful degradation of performance. Third, we present STaR, a software component for WSNs that secures multiple traffic flows at the same time. It is transparent to the application, and provides runtime reconfigurability, thus coping with dynamic changes of security requirements. Finally, we describe ASF, our attack simulation framework for WSNs. Such a tool helps network designers to quantitatively evaluate effects of security attacks, produce an attack ranking based on their severity, and thus select the most appropriate countermeasures

Selective capping of packet payloads multi-Gb/s rates

Nowadays, network traces are an important tool to characterize network traffic, detect anomalies and evaluate performance forensically, among others task. However, the storage and speed required for traffic traces have been greatly expanded in the actual multi-Gb/s networks. In this light, as an attempt to reduce such write speed and storage requirements on hard drives and further reduce the computational burden of packet analysis, we propose a selectively capping of packet payloads. Our proposal takes advantage of most packet payloads being useless for analysis purposes, because they are either encrypted or in a proprietary application non-readable format. Then, such payloads can be capped. Conversely, non-ASCII packets from wellknown protocols and protocols with some ASCII data are fully captured as they may be potentially useful for network analysis. We have implemented and integrated this proposal into a high speed network driver and a software module at user level, to make its operation more transparent and faster to upper-layer applications. In addition, a detailed cost and analysis of base-algorithm implemented as well as its optimization are presented throughout this work. The results are promising, selective capping achieves multi-Gb/s rates by exploiting low level hardware and software techniques to meet the fastest network rates. Moreover, storage savings between two and three times are achieved by capping nearly 60% of packets payloads in multiple realistic scenarios.Actualmente, las trazas de red son una herramienta esencial en el trabajo de los analistas y administradores de red, ya que les permiten entender el comportamiento del tráfico, detectar anomalías y ataques y evaluar el desempeño de la red, entre otras tareas. Sin embargo, las altas velocidad de las redes actuales dificultan en gran medida la captura de las trazas ya que se requiere un gran espacio de almacenamiento para guardar apenas tiempo de monitorización. El problema del espacio de almacenamiento se suma al de la alta tasa de escritura en disco que se debe mantener para no perder información. En este trabajo, se presenta un filtro selectivo a nivel de paquetes. El método propuesto se aprovecha de que una gran parte de los paquetes que circulan por la red no son útiles para los analistas, protocolos cifrados o propietarios con contenido no legible, y por tanto podemos no guardar la carga útil dichos paquetes ahorrando el correspondiente espacio y reduciendo la tasa de escritura en disco necesaria para monitorizar la red. Mientras que los paquetes de protocolos conocidos o de estructura desconocida pero contenido legible (por ejemplo con codificación ASCII) son capturados enteramente. Además, se describen dos implementaciones del filtro integrándolo en un driver de red de altas prestaciones y alternativamente como aplicación de la capa de usuario, y se detalla un análisis de las prestaciones en ambas arquitecturas. Los resultados aquí presentados son prometedores, las pruebas realizadas alcanzan tasas de monitorización cercanas a los 10Gb/s y muestran que es posible aplicar un filtro selectivo en la monitorización de redes de altas prestaciones

An Outline of Security in Wireless Sensor Networks: Threats, Countermeasures and Implementations

With the expansion of wireless sensor networks (WSNs), the need for securing the data flow through these networks is increasing. These sensor networks allow for easy-to-apply and flexible installations which have enabled them to be used for numerous applications. Due to these properties, they face distinct information security threats. Security of the data flowing through across networks provides the researchers with an interesting and intriguing potential for research. Design of these networks to ensure the protection of data faces the constraints of limited power and processing resources. We provide the basics of wireless sensor network security to help the researchers and engineers in better understanding of this applications field. In this chapter, we will provide the basics of information security with special emphasis on WSNs. The chapter will also give an overview of the information security requirements in these networks. Threats to the security of data in WSNs and some of their counter measures are also presented

Efficient Transaction Processing in SAP HANA Database: The End of a Column Store Myth

The SAP HANA database is the core of SAP's new data management platform. The overall goal of the SAP HANA database is to provide a generic but powerful system for different query scenarios, both transactional and analytical, on the same data representation within a highly scalable execution environment. Within this paper, we highlight the main features that differentiate the SAP HANA database from classical relational database engines. Therefore, we outline the general architecture and design criteria of the SAP HANA in a first step. In a second step, we challenge the common belief that column store data structures are only superior in analytical workloads and not well suited for transactional workloads. We outline the concept of record life cycle management to use different storage formats for the different stages of a record. We not only discuss the general concept but also dive into some of the details of how to efficiently propagate records through their life cycle and moving database entries from write-optimized to read-optimized storage formats. In summary, the paper aims at illustrating how the SAP HANA database is able to efficiently work in analytical as well as transactional workload environments

Sandboxed, Online Debugging of Production Bugs for SOA Systems

Short time-to-bug localization is extremely important for any 24x7 service-oriented application. To this end, we introduce a new debugging paradigm called live debugging. There are two goals that any live debugging infrastructure must meet: Firstly, it must offer real-time insight for bug diagnosis and localization, which is paramount when errors happen in user-facing applications. Secondly, live debugging should not impact user-facing performance for normal events. In large distributed applications, bugs which impact only a small percentage of users are common. In such scenarios, debugging a small part of the application should not impact the entire system. With the above-stated goals in mind, this thesis presents a framework called Parikshan, which leverages user-space containers (OpenVZ) to launch application instances for the express purpose of live debugging. Parikshan is driven by a live-cloning process, which generates a replica (called debug container) of production services, cloned from a production container which continues to provide the real output to the user. The debug container provides a sandbox environment, for safe execution of monitoring/debugging done by the users without any perturbation to the execution environment. As a part of this framework, we have designed customized-network proxies, which replicate inputs from clients to both the production and test-container, as well safely discard all outputs. Together the network duplicator, and the debug container ensure both compute and network isolation of the debugging environment. We believe that this piece of work provides the first of its kind practical real-time debugging of large multi-tier and cloud applications, without requiring any application downtime, and minimal performance impact

The Life-Cycle Policy model

Our daily life activity leaves digital trails in an increasing number of databases (commercial web sites, internet service providers, search engines, location tracking systems, etc). Personal digital trails are commonly exposed to accidental disclosures resulting from negligence or piracy and to ill-intentioned scrutinization and abusive usages fostered by fuzzy privacy policies. No one is sheltered because a single event (e.g., applying for a job or a credit) can suddenly make our history a precious asset. By definition, access control fails preventing trail disclosures, motivating the integration of the Limited Data Retention principle in legislations protecting data privacy. By this principle, data is withdrawn from a database after a predefined time period. However, this principle is difficult to apply in practice, leading to retain useless sensitive information for years in databases. In this paper, we propose a simple and practical data degradation model where sensitive data undergoes a progressive and irreversible degradation from an accurate state at collection time, to intermediate but still informative degraded states, up to complete disappearance when the data becomes useless. The benefits of data degradation is twofold: (i) by reducing the amount of accurate data, the privacy offence resulting from a trail disclosure is drastically reduced and (ii) degrading the data in line with the application purposes offers a new compromise between privacy preservation and application reach. We introduce in this paper a data degradation model, analyze its impact over core database techniques like storage, indexation and transaction management and propose degradation-aware techniques

Security and Privacy for Modern Wireless Communication Systems

The aim of this reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithm for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks

An architecture framework for enhanced wireless sensor network security

This thesis develops an architectural framework to enhance the security of Wireless Sensor Networks (WSNs) and provides the implementation proof through different security countermeasures, which can be used to establish secure WSNs, in a distributed and self-healing manner. Wireless Sensors are used to monitor and control environmental properties such as sound, acceleration, vibration, air pollutants, and temperature. Due to their limited resources in computation capability, memory and energy, their security schemes are susceptible to many kinds of security vulnerabilities. This thesis investigated all possible network attacks on WSNs and at the time of writing, 19 different types of attacks were identified, all of which are discussed including exposures to the attacks, and the impact of those attacks. The author then utilises this work to examine the ZigBee series, which are the new generation of wireless sensor network products with built-in layered security achieved by secure messaging using symmetric cryptography. However, the author was able to uniquely identify several security weaknesses in ZigBee by examining its protocol and launching the possible attacks. It was found that ZigBee is vulnerable to the following attacks, namely: eavesdropping, replay attack, physical tampering and Denial of Services (DoS). The author then provides solutions to improve the ZigBee security through its security schema, including an end-to-end WSN security framework, architecture design and sensor configuration, that can withstand all types of attacks on the WSN and mitigate ZigBee’s WSN security vulnerabilities