Self-healing in unattended wireless sensor networks

Wireless sensor networks (WSNs) appeal to a wide range of applications that involve the monitoring of various physical phenomena. However, WSNs are subject to many threats. In particular, lack of pervasive tamper-resistant hardware results in sensors being easy targets for compromise. Having compromised a sensor, the adversary learns all the sensor secrets, allowing it to later encrypt/decrypt or authenticate messages on behalf of that sensor. This threat is particularly relevant in the novel unattended wireless sensor networks (UWSNs) scenario. UWSNs operate without constant supervision by a trusted sink. UWSN?s unattended nature and increased exposure to attacks prompts the need for special techniques geared towards regaining security after being compromised. In this article, we investigate cooperative self-healing in UWSNs and propose various techniques to allow unattended sensors to recover security after compromise. Our techniques provide seamless healing rates even against a very agile and powerful adversary. The effectiveness and viability of our proposed techniques are assessed by thorough analysis and supported by simulation results. Finally, we introduce some real-world issues affecting UWSN deployment and provide some solutions for them as well as a few open problems calling for further investigation

Forward-Security in Private-Key Cryptography

This paper provides a comprehensive treatment of forward-security in the context of sharedkey based cryptographic primitives, as a practical means to mitigate the damage caused by key-exposure. We provide definitions of security, practical proven-secure constructions, and applications for the main primitives in this area. We identify forward-secure pseudorandom bit generators as the central primitive, providing several constructions and then showing how forward-secure message authentication schemes and symmetric encryption schemes can be built based on standard schemes for these problems coupled with forward-secure pseudorandom bit generators. We then apply forward-secure message authentication schemes to the problem of maintaining secure access logs in the presence of break-ins

A Novel Adaptive Proactive Secret Sharing without a Trusted Party

A $(t+1,n)$ proactive secret sharing is to protect a secret in long-lived system by distributing it to a group of $n$ participants and refreshing their shares periodically in this fixed group, while any $t+1$ and more than $t+1$ shares can reconstruct the secret. In some environment, it needs to change not only the number of participants $n$ but also the threshold value $t$. An adaptive proactive secret sharing is to refresh the shares as $t$ and $n$ change. In this paper, we propose a novel adaptive proactive secret sharing scheme without a trusted party. Our proposed scheme is uniformly efficient and tolerates $t$ Byzantine faults in any single time interval, where the number of participants $n\geq 3t+1$. The threshold value $t$ and the number of participants $n$ can be changed arbitrarily in two adjacent intervals. We also prove that our proposed scheme is secure under the discrete logarithm intractability assumption

A New Strong Proactive Verifiable Secret Sharing Scheme with Unconditional Security

Title from PDF of title page, viewed on January 20, 2011.Thesis advisor: Lein Harn.Vita.Thesis (M.S.)--School of Computing and Engineering. University of Missouri--Kansas City, 2010.Includes bibliographic references (pages 55-58).In secret sharing scheme, the master secret and all the private shares (which are distributed by the dealer to the shareholders) are the two secrets which are to be maintained confidentially. In all the secret sharing schemes proposed till date, private shares are reused to reconstruct the master secret. But we proposed a new way of Proactive Secret Sharing Scheme in which, instead of renewing the private shares frequently at the beginning of each timeslot during the share renewal process, each time master secret is renewed. In this way private shares can be reused for a longer period of time and to construct different master secrets. In addition, after each renewing process, shareholders can work together to verify that their private shares are consistent without revealing private shares. We also proposed protocols to generate and renew master secret, authenticate public shares of the master secret, add or revoke shares and change threshold of the master secret. Thus an enhancement to Proactive Secret Sharing is proposed in this thesis and this unique feature simples the implementation of PSS as the change is to be made only to the master secret (central server) without effecting all private shares.Introduction -- Related Work -- Our Scheme -- Conclusion

A Simpler Variant of Universally Composable Security for Standard Multiparty Computation

In this paper, we present a simpler and more restricted variant of the universally composable security (UC) framework that is suitable for ``standard\u27\u27 two-party and multiparty computation tasks. Many of the complications of the UC framework exist in order to enable more general tasks than classic secure computation. This generality may be a barrier to entry for those who are used to the stand-alone model of secure computation and wish to work with universally composable security but are overwhelmed by the differences. The variant presented here (called simplified universally composable security, or just SUC) is closer to the definition of security for multiparty computation in the stand-alone setting. The main difference is that a protocol in the SUC framework runs with a \emph{fixed set of parties} who know each other\u27s identities ahead of time, and machines \emph{cannot be added dynamically} to the execution. As a result, the definitions of polynomial time and protocol composition are much simpler. In addition, the SUC framework has authenticated channels built in, as is standard in previous definitions of security, and all communication is done via the adversary in order to enable arbitrary scheduling of messages. Due to these differences, not all cryptographic tasks can be expressed in the SUC framework. Nevertheless, standard secure computation tasks (like secure function evaluation) can be expressed. Importantly, we show a natural security-preserving transformation from protocols in the SUC model to protocols in the full-fledged UC model. Consequently, the UC composition theorem holds in the SUC model, and any protocol that is proven secure under SUC can be transformed to a protocol that is secure in the UC model

Communication-Efficient (Proactive) Secure Computation for Dynamic General Adversary Structures and Dynamic Groups

In modern distributed systems, an adversary’s limitations when corrupting subsets of servers may not necessarily be based on threshold constraints, but rather based on other technical or organizational characteristics in the systems. This means that the corruption patterns (and thus protection guarantees) are not based on the adversary being limited by a threshold, but on the adversary being limited by other constraints, in particular by what is known as a General Adversary Structure (GAS). We consider efficient secure multiparty computation (MPC) under such dynamically-changing GAS settings. During these changes, one desires to protect against and during corruption profile change, which renders some (secret sharing-based) encoding schemes underlying the MPC protocol more efficient than others when operating with the (currently) considered GAS. One of our contributions is a set of novel protocols to efficiently and securely convert back and forth between different MPC schemes for GAS; this process is often called share conversion. Specifically, we consider two MPC schemes, one based on additive secret sharing and the other based on Monotone Span Programs (MSP). The ability to efficiently convert between the secret sharing representations of these MPC schemes enables us to construct the first communication-efficient structure-adaptive proactive MPC protocol for dynamic GAS settings. By structure-adaptive, we mean that the choice of the MPC protocol to execute in future rounds after the GAS is changed (as specified by an administrative entity) is chosen to ensure communication-efficiency (the typical bottleneck in MPC). Furthermore, since such secure collaborative computing may be long-lived, we consider the mobile adversary setting, often called the proactive security setting. As our second contribution, we construct communication-efficient MPC protocols that can adapt to the proactive security setting. Proactive security assumes that at each (well defined) period of time the adversary corrupts different parties and over time may visit the entire system and corrupt all parties, provided that in each period it controls groups obeying the GAS constraints. In our protocol, the shares can be refreshed, meaning that parties receive new shares reconstructing the same secret, and some parties who lost their shares because of the reboot/resetting can recover their shares. As our third contribution, we consider another aspect of global long-term computations, namely, that of the dynamic groups. It is worth pointing out that such a setting with dynamic groups and GAS was not dealt with in existing literature on (proactive) MPC. In dynamic group settings, parties can be added and eliminated from the computation, under different GAS restrictions. We extend our protocols to this additional dynamic group settings defined by different GAS