Resilient networking in wireless sensor networks

This report deals with security in wireless sensor networks (WSNs), especially in network layer. Multiple secure routing protocols have been proposed in the literature. However, they often use the cryptography to secure routing functionalities. The cryptography alone is not enough to defend against multiple attacks due to the node compromise. Therefore, we need more algorithmic solutions. In this report, we focus on the behavior of routing protocols to determine which properties make them more resilient to attacks. Our aim is to find some answers to the following questions. Are there any existing protocols, not designed initially for security, but which already contain some inherently resilient properties against attacks under which some portion of the network nodes is compromised? If yes, which specific behaviors are making these protocols more resilient? We propose in this report an overview of security strategies for WSNs in general, including existing attacks and defensive measures. In this report we focus at the network layer in particular, and an analysis of the behavior of four particular routing protocols is provided to determine their inherent resiliency to insider attacks. The protocols considered are: Dynamic Source Routing (DSR), Gradient-Based Routing (GBR), Greedy Forwarding (GF) and Random Walk Routing (RWR)

Resilient Aggregation in Simple Linear Sensor Networks

A sensor network is a network comprised of many small, wireless, resource-limited nodes that sense data about their environment and report readings to a base station. One technique to conserve power in a sensor network is to aggregate sensor readings hop-by-hop as they travel towards a base station, thereby reducing the total number of messages required to collect each sensor reading. In an adversarial setting, the ability of a malicious node to alter this aggregate total must be limited. We present three aggregation protocols inspired by three natural key pre-distribution schemes for linear networks. Assuming no more than $k$ consecutive nodes are malicious, each of these protocols limits the capability of a malicious node to altering the aggregate total by at most a single valid sensor reading. Additionally, our protocols are able to detect malicious behavior as it occurs, allowing the protocol to be aborted early, thereby conserving energy in the remaining nodes. A rigorous proof of security is also given for each protocol

Fault-Tolerant Aggregation: Flow-Updating Meets Mass-Distribution

Flow-Updating (FU) is a fault-tolerant technique that has proved to be efficient in practice for the distributed computation of aggregate functions in communication networks where individual processors do not have access to global information. Previous distributed aggregation protocols, based on repeated sharing of input values (or mass) among processors, sometimes called Mass-Distribution (MD) protocols, are not resilient to communication failures (or message loss) because such failures yield a loss of mass. In this paper, we present a protocol which we call Mass-Distribution with Flow-Updating (MDFU). We obtain MDFU by applying FU techniques to classic MD. We analyze the convergence time of MDFU showing that stochastic message loss produces low overhead. This is the first convergence proof of an FU-based algorithm. We evaluate MDFU experimentally, comparing it with previous MD and FU protocols, and verifying the behavior predicted by the analysis. Finally, given that MDFU incurs a fixed deviation proportional to the message-loss rate, we adjust the accuracy of MDFU heuristically in a new protocol called MDFU with Linear Prediction (MDFU-LP). The evaluation shows that both MDFU and MDFU-LP behave very well in practice, even under high rates of message loss and even changing the input values dynamically.Comment: 18 pages, 5 figures, To appear in OPODIS 201

Adatbiztonság és adatvédelem a mindent átható számítógépes technológia világában = Security and Privacy Issues in Pervasive Computing

(1) Több ugrásos vezeték nélküli hálózatok biztonsága: Ad hoc és szenzorhálózatokban használt útvonalválasztó protokollok biztonágának analízise, új bizonyíthatóan biztonságos protokollok tervezése (enairA, Secure tinyLUNAR). Új támadás-ellenálló adataggregációs algoritmusok tervezése (RANBAR, CORA) és analízise. Spontán kooperáció kialakulása feltételeinek vizsgálata ad hoc és szenzorhálózatokban, kooperáció ösztönzése késleltetéstűrő ad hoc hálózatokban (Barter). (2) Személyes biztonsági tokenek: A nem-megbízható terminál probléma vizsgálata, feltételes aláírásra épülő megoldás tervezése és analízise. (3) RFID biztonsági és adatvédelmi kérdések: Kulcsfa alapú azonosító-rejtő hitelesítés analízise, a privacy szintjének meghatározása. Optimális kulcsfa tervezése. Új azonosító-rejtő hitelesítő protokoll tervezése és összehasonlítása a kulcsfa alapú módszerrel. (4) Formális biztonsági modellek: Szimulációs paradigmára épülő biztonsági modell útvonalválasztó protokollok analízisére. Támadó-modellek és analízis módszer támadás-ellenálló adataggregáció vizsgálatára. Formális modell kidolgozása a korlátozott számítási képességekkel rendelkező humán felhasználó leírására. Privacy metrika kidolgozása azonosító-rejtő hitekesítő protokollok számára. Játékelméleti modellek a spontán koopráció vizsgálatára ad hoc és szenzor hálózatokban, valamint spam és DoS elleni védelmi mechanizmusok analízisére. | (1) Security of multi-hop wireless networks: Security analysis of routing protocols proposed for mobile ad hoc and sensor networks, development of novel routing protocols with provable security (enairA, Secure tinyLUNAR). Development of novel resilient aggregation algorithms for sensor networks (RANBAR, CORA). Analysis of conditions for the emergence of spontaneous cooperation in ad hoc and sensor networks, novel algorithm to foster cooperation in opportunistic ad hoc networks (Barter). (2) Security tokens: Analysis of the untrusted terminal problem, mitigation by using conditional signature based protocols. (3) RFID security and privacy: Analysis of key-tree based private authentication, novel metrics to measure the level of privacy. Design of optimal key-trees, novel private authentication protocols based on group keys. (4) Formal models: Modeling framework for routing protocols based on the simulation paradigm, proof techniques for analyzing the security of routing. Attacker models and analysis techniques for resilient aggregation in sensor networks. Formal model for representing the limited computing capacity of humans. Metrics for determining the level of privacy provided by private authentication protocols. Game theoretic models for studying cooperation in ad hoc and sensor networks, and for analysisng the performance of spam and DoS protection mechanisms

Spectra: Robust Estimation of Distribution Functions in Networks

Distributed aggregation allows the derivation of a given global aggregate property from many individual local values in nodes of an interconnected network system. Simple aggregates such as minima/maxima, counts, sums and averages have been thoroughly studied in the past and are important tools for distributed algorithms and network coordination. Nonetheless, this kind of aggregates may not be comprehensive enough to characterize biased data distributions or when in presence of outliers, making the case for richer estimates of the values on the network. This work presents Spectra, a distributed algorithm for the estimation of distribution functions over large scale networks. The estimate is available at all nodes and the technique depicts important properties, namely: robust when exposed to high levels of message loss, fast convergence speed and fine precision in the estimate. It can also dynamically cope with changes of the sampled local property, not requiring algorithm restarts, and is highly resilient to node churn. The proposed approach is experimentally evaluated and contrasted to a competing state of the art distribution aggregation technique.Comment: Full version of the paper published at 12th IFIP International Conference on Distributed Applications and Interoperable Systems (DAIS), Stockholm (Sweden), June 201