Group Rekeying Schemes for Secure Group Communication in Wireless Sensor Networks

Wireless sensor networks are promising solutions for many applications. However, wireless sensor nodes suffer from many constraints such as low computation capability, small memory, limited energy resources, and so on. Grouping is an important technique to localize computation and reduce communication overhead in wireless sensor networks. In this paper, we use grouping to refer to the process of combining a set of sensor nodes with similar properties. We propose two centralized group rekeying (CGK) schemes for secure group communication in sensor networks. The lifetime of a group is divided into three phases, i.e., group formation, group maintenance, and group dissolution. We demonstrate how to set up the group and establish the group key in each phase. Our analysis shows that the proposed two schemes are computationally efficient and secure

BOOM: Broadcast Optimizations for On-chip Meshes

Future many-core chips will require an on-chip network that can support broadcasts and multicasts at good power-performance. A vanilla on-chip network would send multiple unicast packets for each broadcast packet, resulting in latency, throughput and power overheads. Recent research in on-chip multicast support has proposed forking of broadcast/multicast packets within the network at the router buffers, but these techniques are far from ideal, since they increase buffer occupancy which lowers throughput, and packets incur delay and power penalties at each router. In this work, we analyze an ideal broadcast mesh; show the substantial gaps between state-of-the-art multicast NoCs and the ideal; then propose BOOM, which comprises a WHIRL routing protocol that ideally load balances broadcast traffic, a mXbar multicast crossbar circuit that enables multicast traversal at similar energy-delay as unicasts, and speculative bypassing of buffering for multicast flits. Together, they enable broadcast packets to approach the delay, energy, and throughput of the ideal fabric. Our simulations show BOOM realizing an average network latency that is 5% off ideal, attaining 96% of ideal throughput, with energy consumption that is 9% above ideal. Evaluations using synthetic traffic show BOOM achieving a latency reduction of 61%, throughput improvement of 63%, and buffer power reduction of 80% as compared to a baseline broadcast. Simulations with PARSEC benchmarks show BOOM reducing average request and network latency by 40% and 15% respectively

One Video Stream to Serve Diverse Receivers

The fundamental problem of wireless video multicast is to scalably serve multiple receivers which may have very different channel characteristics. Ideally, one would like to broadcast a single stream that allows each receiver to benefit from all correctly received bits to improve its video quality. We introduce Digital Rain, a new approach to wireless video multicast that adapts to channel characteristics without any need for receiver feedback or variable codec rates. Users that capture more packets or have fewer bit errors naturally see higher video quality. Digital Rain departs from current approaches in two ways: 1) It allows a receiver to exploit video packets that may contain bit errors; 2) It builds on the theory of compressed sensing to develop robust video encoding and decoding algorithms that degrade smoothly with bit errors and packet loss. Implementation results from an indoor wireless testbed show that Digital Rain significantly improves the received video quality and the number of supported receivers

Graph Pattern Matching on Symmetric Multiprocessor Systems

Graph-structured data can be found in nearly every aspect of today's world, be it road networks, social networks or the internet itself. From a processing perspective, finding comprehensive patterns in graph-structured data is a core processing primitive in a variety of applications, such as fraud detection, biological engineering or social graph analytics. On the hardware side, multiprocessor systems, that consist of multiple processors in a single scale-up server, are the next important wave on top of multi-core systems. In particular, symmetric multiprocessor systems (SMP) are characterized by the fact, that each processor has the same architecture, e.g. every processor is a multi-core and all multiprocessors share a common and huge main memory space. Moreover, large SMPs will feature a non-uniform memory access (NUMA), whose impact on the design of efficient data processing concepts should not be neglected. The efficient usage of SMP systems, that still increase in size, is an interesting and ongoing research topic. Current state-of-the-art architectural design principles provide different and in parts disjunct suggestions on which data should be partitioned and or how intra-process communication should be realized. In this thesis, we propose a new synthesis of four of the most well-known principles Shared Everything, Partition Serial Execution, Data Oriented Architecture and Delegation, to create the NORAD architecture, which stands for NUMA-aware DORA with Delegation. We built our research prototype called NeMeSys on top of the NORAD architecture to fully exploit the provided hardware capacities of SMPs for graph pattern matching. Being an in-memory engine, NeMeSys allows for online data ingestion as well as online query generation and processing through a terminal based user interface. Storing a graph on a NUMA system inherently requires data partitioning to cope with the mentioned NUMA effect. Hence, we need to dissect the graph into a disjunct set of partitions, which can then be stored on the individual memory domains. This thesis analyzes the capabilites of the NORAD architecture, to perform scalable graph pattern matching on SMP systems. To increase the systems performance, we further develop, integrate and evaluate suitable optimization techniques. That is, we investigate the influence of the inherent data partitioning, the interplay of messaging with and without sufficient locality information and the actual partition placement on any NUMA socket in the system. To underline the applicability of our approach, we evaluate NeMeSys against synthetic datasets and perform an end-to-end evaluation of the whole system stack on the real world knowledge graph of Wikidata

Secure Routing in Wireless Mesh Networks

Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to the service providers. Unlike traditional Wi-Fi networks, with each access point (AP) connected to the wired network, in WMNs only a subset of the APs are required to be connected to the wired network. The APs that are connected to the wired network are called the Internet gateways (IGWs), while the APs that do not have wired connections are called the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop communication. The IGWs provide access to conventional clients and interconnect ad hoc, sensor, cellular, and other networks to the Internet. However, most of the existing routing protocols for WMNs are extensions of protocols originally designed for mobile ad hoc networks (MANETs) and thus they perform sub-optimally. Moreover, most routing protocols for WMNs are designed without security issues in mind, where the nodes are all assumed to be honest. In practical deployment scenarios, this assumption does not hold. This chapter provides a comprehensive overview of security issues in WMNs and then particularly focuses on secure routing in these networks. First, it identifies security vulnerabilities in the medium access control (MAC) and the network layers. Various possibilities of compromising data confidentiality, data integrity, replay attacks and offline cryptanalysis are also discussed. Then various types of attacks in the MAC and the network layers are discussed. After enumerating the various types of attacks on the MAC and the network layer, the chapter briefly discusses on some of the preventive mechanisms for these attacks.Comment: 44 pages, 17 figures, 5 table

Group Rekeying Schemes for Secure Group Communication in Wireless Sensor Networks

Wireless sensor networks are promising solutions for many applications. However, wireless sensor nodes suffer from many constraints such as low computation capability, small memory, limited energy resources, and so on. Grouping is an important technique to localize computation and reduce communication overhead in wireless sensor networks. In this paper, we use grouping to refer to the process of combining a set of sensor nodes with similar properties. We propose two centralized group rekeying (CGK) schemes for secure group communication in sensor networks. The lifetime of a group is divided into three phases, i.e., group formation, group maintenance, and group dissolution. We demonstrate how to set up the group and establish the group key in each phase. Our analysis shows that the proposed two schemes are computationally efficient and secure

Signal Alignment: Enabling Physical Layer Network Coding for MIMO Networking

published_or_final_versio

Discovery and Group Communication for Constrained Internet of Things Devices using the Constrained Application Protocol

The ubiquitous Internet is rapidly spreading to new domains. This expansion of the Internet is comparable in scale to the spread of the Internet in the ’90s. The resulting Internet is now commonly referred to as the Internet of Things (IoT) and is expected to connect about 50 billion devices by the year 2020. This means that in just five years from the time of writing this PhD the number of interconnected devices will exceed the number of humans by sevenfold. It is further expected that the majority of these IoT devices will be resource constrained embedded devices such as sensors and actuators. Sensors collect information about the physical world and inject this information into the virtual world. Next processing and reasoning can occur and decisions can be taken to enact upon the physical world by injecting feedback to actuators. The integration of embedded devices into the Internet introduces new challenges, since many of the existing Internet technologies and protocols were not designed for this class of constrained devices. These devices are typically optimized for low cost and power consumption and thus have very limited power, memory, and processing resources and have long sleep periods. The networks formed by these embedded devices are also constrained and have different characteristics than those typical in todays Internet. These constrained networks have high packet loss, low throughput, frequent topology changes and small useful payload sizes. They are referred to as LLN. Therefore, it is in most cases unfeasible to run standard Internet protocols on this class of constrained devices and/or LLNs. New or adapted protocols that take into consideration the capabilities of the constrained devices and the characteristics of LLNs, are required. In the past few years, there were many efforts to enable the extension of the Internet technologies to constrained devices. Initially, most of these efforts were focusing on the networking layer. However, the expansion of the Internet in the 90s was not due to introducing new or better networking protocols. It was a result of introducing the World Wide Web (WWW), which made it easy to integrate services and applications. One of the essential technologies underpinning the WWW was the Hypertext Transfer Protocol (HTTP). Today, HTTP has become a key protocol in the realization of scalable web services building around the Representational State Transfer (REST) paradigm. The REST architectural style enables the realization of scalable and well-performing services using uniform and simple interfaces. The availability of an embedded counterpart of HTTP and the REST architecture could boost the uptake of the IoT. Therefore, more recently, work started to allow the integration of constrained devices in the Internet at the service level. The Internet Engineering Task Force (IETF) Constrained RESTful Environments (CoRE) working group has realized the REST architecture in a suitable form for the most constrained nodes and networks. To that end the Constrained Application Protocol (CoAP) was introduced, a specialized RESTful web transfer protocol for use with constrained networks and nodes. CoAP realizes a subset of the REST mechanisms offered by HTTP, but is optimized for Machine-to-Machine (M2M) applications. This PhD research builds upon CoAP to enable a better integration of constrained devices in the IoT and examines proposed CoAP solutions theoretically and experimentally proposing alternatives when appropriate. The first part of this PhD proposes a mechanism that facilitates the deployment of sensor networks and enables the discovery, end-to-end connectivity and service usage of newly deployed sensor nodes. The proposed approach makes use of CoAP and combines it with Domain Name System (DNS) in order to enable the use of userfriendly Fully Qualified Domain Names (FQDNs) for addressing sensor nodes. It includes the automatic discovery of sensors and sensor gateways and the translation of HTTP to CoAP, thus making the sensor resources globally discoverable and accessible from any Internet-connected client using either IPv6 addresses or DNS names both via HTTP or CoAP. As such, the proposed approach provides a feasible and flexible solution to achieve hierarchical self-organization with a minimum of pre-configuration. By doing so we minimize costly human interventions and eliminate the need for introducing new protocols dedicated for the discovery and organization of resources. This reduces both cost and the implementation footprint on the constrained devices. The second, larger, part of this PhD focuses on using CoAP to realize communication with groups of resources. In many IoT application domains, sensors or actuators need to be addressed as groups rather than individually, since individual resources might not be sufficient or useful. A simple example is that all lights in a room should go on or off as a result of the user toggling the light switch. As not all IoT applications may need group communication, the CoRE working group did not include it in the base CoAP specification. This way the base protocol is kept as efficient and as simple as possible so it would run on even the most constrained devices. Group communication and other features that might not be needed by all devices are standardized in a set of optional separate extensions. We first examined the proposed CoAP extension for group communication, which utilizes Internet Protocol version 6 (IPv6) multicasts. We highlight its strengths and weaknesses and propose our own complementary solution that uses unicast to realize group communication. Our solution offers capabilities beyond simple group communication. For example, we provide a validation mechanism that performs several checks on the group members, to make sure that combining them together is possible. We also allow the client to request that results of the individual members are processed before they are sent to the client. For example, the client can request to obtain only the maximum value of all individual members. Another important optional extension to CoAP allows clients to continuously observe resources by registering their interest in receiving notifications from CoAP servers once there are changes to the values of the observed resources. By using this publish/subscribe mechanism the client does not need to continuously poll the resource to find out whether it has changed its value. This typically leads to more efficient communication patterns that preserve valuable device and LLN resources. Unfortunately CoAP observe does not work together with the CoAP group communication extension, since the observe extension assumes unicast communication while the group communication extension only support multicast communication. In this PhD we propose to extend our own group communication solution to offer group observation capabilities. By combining group observation with group processing features, it becomes possible to notify the client only about certain changes to the observed group (e.g., the maximum value of all group members has changed). Acknowledging that the use of multicast as well as unicast has strengths and weaknesses we propose to extend our unicast based solution with certain multicast features. By doing so we try to combine the strengths of both approaches to obtain a better overall group communication that is flexible and that can be tailored according to the use case needs. Together, the proposed mechanisms represent a powerful and comprehensive solution to the challenging problem of group communication with constrained devices. We have evaluated the solutions proposed in this PhD extensively and in a variety of forms. Where possible, we have derived theoretical models and have conducted numerous simulations to validate them. We have also experimentally evaluated those solutions and compared them with other proposed solutions using a small demo box and later on two large scale wireless sensor testbeds and under different test conditions. The first testbed is located in a large, shielded room, which allows testing under controlled environments. The second testbed is located inside an operational office building and thus allows testing under normal operation conditions. Those tests revealed performance issues and some other problems. We have provided some solutions and suggestions for tackling those problems. Apart from the main contributions, two other relevant outcomes of this PhD are described in the appendices. In the first appendix we review the most important IETF standardization efforts related to the IoT and show that with the introduction of CoAP a complete set of standard protocols has become available to cover the complete networking stack and thus making the step from the IoT into the Web of Things (WoT). Using only standard protocols makes it possible to integrate devices from various vendors into one bigWoT accessible to humans and machines alike. In the second appendix, we provide an alternative solution for grouping constrained devices by using virtualization techniques. Our approach focuses on the objects, both resource-constrained and non-constrained, that need to cooperate by integrating them into a secured virtual network, named an Internet of Things Virtual Network or IoT-VN. Inside this IoT-VN full end-to-end communication can take place through the use of protocols that take the limitations of the most resource-constrained devices into account. We describe how this concept maps to several generic use cases and, as such, can constitute a valid alternative approach for supporting selected applications