    An Energy Aware and Secure MAC Protocol for Tackling Denial of Sleep Attacks in Wireless Sensor Networks

    Wireless sensor networks, which form part of the core of the Internet of Things, consist of resource-constrained sensors that are usually powered by batteries. Therefore, careful energy awareness is essential when working with these devices. Indeed, the introduction of security techniques such as authentication and encryption, to ensure confidentiality and integrity of data, can place a higher energy load on the sensors. However, the absence of security protection could give room for energy drain attacks such as denial of sleep attacks, which have a higher negative impact on the life span of the sensors than the presence of security features. This thesis, therefore, focuses on tackling denial of sleep attacks from two perspectives: a security perspective and an energy efficiency perspective. The security perspective involves evaluating and ranking a number of security-based techniques for curbing denial of sleep attacks. The energy efficiency perspective, on the other hand, involves exploring duty cycling and simulating three Media Access Control (MAC) protocols, Sensor MAC, Timeout MAC and TunableMAC, under different network sizes and measuring different parameters such as the Received Signal Strength (RSSI) and Link Quality Indicator, transmit power, throughput and energy efficiency. Duty cycling happens to be one of the major techniques for conserving energy in wireless sensor networks, and this research aims to answer questions with regard to the effect of duty cycles on the energy efficiency as well as the throughput of three duty cycle protocols, Sensor MAC, Timeout MAC and TunableMAC, in addition to creating a novel MAC protocol that is also more resilient to denial of sleep attacks than existing protocols.
The main contributions to knowledge from this thesis are the developed framework used for evaluation of existing denial of sleep attack solutions and the algorithms which fuel the other contribution to knowledge: a newly developed protocol tested on the Castalia Simulator on the OMNET++ platform. The new protocol has been compared with existing protocols and has been found to have significant improvement in energy efficiency and also better resilience to denial of sleep attacks. Part of this research has been published: two conference publications in IEEE Xplore and one workshop paper.

    Enhancing Secure Sockets Layer Bulk Data Transfer Phase Performance With Parallel Cryptography Algorithm

    With more than 2 billion people connected to the Internet, information security has become a top priority. Many applications such as electronic banking, medical databases, and electronic commerce require the exchange of private information. Hashed Message Authentication Code (HMAC) is widely used to provide authenticity, while symmetric encryption algorithms provide confidentiality. Secure Socket Layer (SSL) is one of the most widely used security protocols on the Internet. In the current Bulk Data Transfer (BDT) phase in SSL, the server or the client first calculates the Message Authentication Code (MAC) of the data using the HMAC operation, and then performs the symmetric encryption on the data together with the MAC. Despite steady improvements in SSL performance, the BDT operation degrades CPU performance. This is due to the cryptography operations, which include the HMAC and symmetric encryption. The thesis proposes a new algorithm that provides a significant performance gain in bulk data transfer without compromising security. The proposed algorithm performs the encryption of the data and the calculation of the MAC in parallel. The server calculates the MAC of the data at the same time as the encryption processes the data. Only once the calculation of the MAC is completed is the MAC encrypted. The proposed algorithm was simulated using two processors, with one performing the HMAC calculation and the other encrypting the data, simultaneously. Advanced Encryption Standard (AES) was chosen as the encryption algorithm and HMAC Standard Hash Algorithm 1 (SHA1) was chosen as the HMAC algorithm. The communication between the processors was done via Message Passing Interface (MPI). The existing sequential and the proposed parallel algorithms were simulated successfully while preserving security properties. Based on the performance simulations, the new parallel algorithm gained a speedup of 1.74 with 85% efficiency over the current sequential algorithm.
The parallel overheads that limit the maximum achievable speedup were also considered. Different block cipher modes were used, in which Cipher-Block Chaining (CBC) gives the best speedup among the feedback cipher modes. In addition, Triple Data Encryption Standard (3DES) was also simulated as the encryption algorithm to compare the speedup performance with AES encryption.

    Categorization of Faulty Nonce Misuse Resistant Message Authentication

    A growing number of lightweight block ciphers are proposed for environments such as the Internet of Things. An important contribution to the reduced implementation cost is a block length n of 64 or 96 bits rather than 128 bits. As a consequence, encryption modes and message authentication code (MAC) algorithms require security beyond the 2^{n/2} birthday bound. This paper provides an extensive treatment of MAC algorithms that offer beyond birthday bound PRF security for both nonce-respecting and nonce-misusing adversaries. We study constructions that use two block cipher calls, one universal hash function call and an arbitrary number of XOR operations. We start with the separate problem of generically identifying all possible secure n-to-n-bit pseudorandom functions (PRFs) based on two block cipher calls. The analysis shows that the existing constructions EDM, SoP, and EDMD are the only constructions of this kind that achieve beyond birthday bound security. Subsequently we deliver an exhaustive treatment of MAC algorithms, where the outcome of a universal hash function evaluation on the message may be entered at any point in the computation of the PRF. We conclude that there are a total of nine schemes that achieve beyond birthday bound security, and a tenth construction that cannot be proven using currently known proof techniques. Of the former nine MAC algorithms, three constructions achieve optimal n-bit security in the nonce-respecting setting, but are completely insecure if the nonce is reused. The remaining six constructions have 3n/4-bit security in the nonce-respecting setting, and only four out of these six constructions still achieve beyond the birthday bound security in the case of nonce misuse.

    Secure MAC protocols for cognitive radio networks

    A thesis submitted in partial fulfilment for the degree of Doctor of Philosophy. With the rapid increase in wireless devices, an effective improvement in the demand of efficient spectrum utilisation for gaining better connectivity is needed. Cognitive Radio (CR) is an emerging technology that exploits the inefficient utilisation of the unused spectrum dynamically. Since spectrum sharing is responsible for coordinating channels' access for Cognitive Users (CUs), the Common Control Channel (CCC) is one of the existing methods used to exchange the control information between CUs. However, the unique characteristics and parameters of Cognitive Radio Networks (CRNs) present several possible threats targeting spectrum sensing, spectrum management, spectrum sharing, and spectrum mobility, leading to the deterioration of the network performance. Thus, protection and detection security mechanisms are essential to maintaining the CRNs. This thesis presents a novel decentralised CR MAC protocol that successfully utilises the unused portion of the licensed band. The protocol achieves improved performance, in communication time and throughput, when compared to two benchmark protocols. Less communication time and higher throughput are accomplished by the protocol due to performing fast switching to the selected available data channel for initiating data transmission. The proposed protocol is then extended to two different versions based on two authentication approaches applied to it: one using Digital Signature and another based on Shared-Key. The two proposed secure protocols address the security requirements in CRNs, leading to subsequent secure communication among CUs.
The protocols function effectively in providing defence against several attacks related to the MAC layer, such as Spectrum Sensing Data Manipulation/Falsification, Data Tampering and Modification, Jamming attacks, Eavesdropping, Forgery and Fake control information attacks, MAC address spoofing, and unauthorised access attacks. The associated security algorithms ensure the successful secure communication between CUs in a cooperative approach. Moreover, the security protocols are investigated and analysed in terms of security flows by launching unauthorised access and modification attacks on the transmitted information. The testing results demonstrated that the two protocols perform successful detection of threats and ensure secure communication in CRNs.

    Improving security performance with parallel crypto operations in SSL bulk data transfer

    Information security, including integrity and privacy, is an important concern among today's computer users due to increased connectivity. Despite a number of secure algorithms that have been proposed, the trade-offs made between security and performance demand further research toward improvement. For example, in bulk data transfer, especially in large messages, the secured processing time takes much longer than non-secured processes. This is due to crypto operations, which include symmetric encryption operations and hashing functions. In the current bulk data transfer phase in Secure Socket Layer (SSL), the server or the client first calculates the Message Authentication Code (MAC) of the data using the HMAC operation, and then performs the symmetric encryption on the data together with the MAC. This paper proposes a new algorithm which provides a significant performance gain in bulk data transfer without compromising security. The proposed algorithm performs the encryption of the data and the calculation of the MAC in parallel. The server calculates the MAC of the data at the same time as the encryption process of the data. Only once the calculation of the MAC is completed is the MAC encrypted. The algorithm was simulated on two processors, with one processor performing the MAC calculation and the other encrypting the data, simultaneously. The communication between the two processors was done via Message Passing Interface (MPI). Based on the performance simulations, the new parallel algorithm gained a speedup of 1.74 with 85% efficiency over the sequential (current) algorithm.

    Enhancing security performance with parallel crypto operations in SSL bulk data transfer phase

    Information security, including integrity and privacy, is an important concern among today's computer users due to increased connectivity. Despite a number of secure algorithms that have been proposed, the trade-offs made between security and performance demand further research toward improvement. In bulk data transfer, especially in large messages, the secured processing time takes much longer than non-secured processes. This is due to crypto operations, which include symmetric encryption operations and hashing functions. In the current bulk data transfer phase in Secure Socket Layer (SSL), the server or the client first calculates the Message Authentication Code (MAC) of the data using the Keyed-Hash Message Authentication Code (HMAC) operation, and then performs the symmetric encryption on the data together with the MAC. This paper proposes a new algorithm which provides a significant performance gain in bulk data transfer without compromising security. The proposed algorithm performs the encryption of the data and the calculation of the MAC in parallel. The server calculates the MAC of the data at the same time as the encryption process of the data. Only once the calculation of the MAC is completed is the MAC encrypted. The algorithm was simulated on two processors, with one processor performing the MAC calculation and the other encrypting the data, simultaneously. The communication between the two processors was done via Message Passing Interface (MPI). Based on the performance simulations, the new parallel algorithm gained a speedup of 1.74 with 85% efficiency over the current (sequential) algorithm.

    Beyond Modes: Building a Secure Record Protocol from a Cryptographic Sponge Permutation

    Abstract. BLINKER is a light-weight cryptographic suite and record protocol built from a single permutation. Its design is based on the Sponge construction used by the SHA-3 algorithm KECCAK. We examine the SpongeWrap authenticated encryption mode and expand its padding mechanism to offer explicit domain separation and enhanced security for our specific requirements: shared secret half-duplex keying, encryption, and a MAC-and-continue mode. We motivate these enhancements by showing that unlike legacy protocols, the resulting record protocol is secure against a two-channel synchronization attack while also having a significantly smaller implementation footprint. The design facilitates security proofs directly from a single cryptographic primitive (a single security assumption) rather than via idealization of a multitude of algorithms, paddings and modes of operation. The protocol is also uniquely suitable for an autonomous or semi-autonomous hardware implementation of protocols where the secrets never leave the module, making it attractive for smart card and HSM designs.