513 research outputs found

    A Survey on Wireless Sensor Network Security

    Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due to their wide range of applications. Due to the distributed nature of these networks and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. This problem is more critical if the network is deployed for some mission-critical applications such as in a tactical battlefield. Random failure of nodes is also very likely in real-life deployment scenarios. Due to resource constraints in the sensor nodes, traditional security mechanisms with large overhead of computation and communication are infeasible in WSNs. Security in sensor networks is, therefore, a particularly challenging task. This paper discusses the current state of the art in security mechanisms for WSNs. Various types of attacks are discussed and their countermeasures presented. A brief discussion on the future direction of research in WSN security is also included. Comment: 24 pages, 4 figures, 2 tables

    Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning

    The secret keys of critical network authorities - such as time, name, certificate, and software update services - represent high-value targets for hackers, criminals, and spy agencies wishing to use these keys secretly to compromise other hosts. To protect authorities and their clients proactively from undetected exploits and misuse, we introduce CoSi, a scalable witness cosigning protocol ensuring that every authoritative statement is validated and publicly logged by a diverse group of witnesses before any client will accept it. A statement S collectively signed by W witnesses assures clients that S has been seen, and not immediately found erroneous, by those W observers. Even if S is compromised in a fashion not readily detectable by the witnesses, CoSi still guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to risk that the compromise will soon be detected by one of the W witnesses. Because clients can verify collective signatures efficiently without communication, CoSi protects clients' privacy, and offers the first transparency mechanism effective against persistent man-in-the-middle attackers who control a victim's Internet access, the authority's secret key, and several witnesses' secret keys. CoSi builds on existing cryptographic multisignature methods, scaling them to support thousands of witnesses via signature aggregation over efficient communication trees. A working prototype demonstrates CoSi in the context of timestamping and logging authorities, enabling groups of over 8,000 distributed witnesses to cosign authoritative statements in under two seconds. Comment: 20 pages, 7 figures

    Elliptic Curve Cryptography Services for Mobile Operating Systems

    Mobile devices such as smartphones, tablets and laptops are nowadays considered indispensable objects by most people in developed countries. As personal and work assistants, some of these devices store, process and transmit sensitive and private data. Naturally, the number of mobile applications with integrated cryptographic mechanisms or offering security services has been significantly increasing in the last few years. Unfortunately, not all of those applications are secure by design, while others may not implement the cryptographic primitives correctly. Even the ones that implement them correctly may suffer from longevity problems, since cryptographic primitives that are considered secure nowadays may become obsolete in the next few years. Rivest, Shamir and Adleman (RSA) is an example of a widely used cryptosystem that may become depleted shortly. While the security issues in the mobile computing environment may be of median severity for casual users, they may be critical for several professional classes, namely lawyers, journalists and law enforcement agents. As such, it is important to approach these problems in a structured manner. This master’s program is focused on the engineering and implementation of a mobile application offering a series of security services. The application was engineered to be secure by design for the Windows Phone 8.1 Operating System (OS) which, at the time of writing this dissertation, was the platform with the most discreet offer in terms of applications of this type. The application provides services such as secure exchange of a cryptographic secret, encryption and digital signature of messages and files, management of contacts and encryption keys and secure password generation and storage. Part of the cryptographic primitives used in this work are from the Elliptic Curve Cryptography (ECC) theory, for which the discrete logarithm problem is believed to be harder and key handling is easier.
The library defining a series of curves and containing the procedures and operations supporting the ECC primitives was implemented from scratch, since there was none available, comprising one of the contributions of this work. The work evolved from the analysis of the state-of-the-art to the requirements analysis and software engineering phase, thoroughly described herein, ending up with the development of a prototype. The engineering of the application included the definition of a trust model for the exchange of public keys and the modeling of the supporting database. The most visible outcomes of this master’s program are the fully working prototype of a mobile application offering the aforementioned security services, the implementation of an ECC library for the .NET framework, and this dissertation. The source code for the ECC library was made available online on GitHub with the name ECCryptoLib [Ana15]. Its development and improvement was mostly dominated by unit testing. The library and the mobile application were developed in C#. The level of security offered by the application is guaranteed via the orchestration and combination of state-of-the-art symmetric key cryptography algorithms, such as the Advanced Encryption Standard (AES) and Secure Hash Algorithm 256 (SHA256), with the ECC primitives. The generation of passwords is done by using several sensors and inputs as entropy sources, which are fed to a cryptographically secure hash function. The passwords are stored in an encrypted database, whose encryption key changes every time it is opened, obtained using a Password-Based Key Derivation Function 2 (PBKDF2) from a master password.
The trust model for the public keys designed in the scope of this work is inspired by Pretty Good Privacy (PGP), but the granularity of the trust levels is larger.

Mobile devices such as laptops, smartphones or tablets are nowadays considered indispensable objects by the vast majority of people living in developed countries. Because they are used as personal or work assistants, some of these devices store, process and transmit sensitive or private data. Naturally, the number of mobile applications with integrated cryptographic mechanisms, or that offer security services, has been increasing significantly in recent years. Unfortunately, not all applications are secure by design, and others may not implement the cryptographic primitives correctly. Even those that implement them correctly may suffer from longevity problems, since cryptographic primitives that are considered secure today may become obsolete in the coming years. Rivest, Shamir and Adleman (RSA) is an example of a very popular cryptographic system that may become obsolete in the short term. While security problems in mobile computing environments may be of medium severity for casual users, they are normally critical for several professional classes, namely lawyers, journalists and officers of justice. It is therefore important to approach these problems in a structured way. This master's program focuses on the engineering and implementation of a mobile application that offers a series of security services. The application was designed to be secure by design for the Windows Phone 8.1 operating system which, at the time this dissertation was written, was the platform with the most discreet offer in terms of applications of this type.
The application provides functionality such as securely exchanging a cryptographic secret between two entities, encryption, decryption and digital signature of messages and files, management of contacts and encryption keys, and secure generation and storage of passwords. Part of the cryptographic primitives used in this work belong to the theory of elliptic curve cryptography, for which the discrete logarithm problem is believed to be harder to solve and for which key handling is simpler. The library that defines a series of curves, and contains the procedures and operations that support the cryptographic primitives, was fully implemented within the scope of this work, since none was available when it began, thus comprising one of its contributions. The work evolved from the analysis of the state of the art to requirements gathering and to the software engineering phase, described in detail here, culminating in the development of a prototype. The engineering of the application included the definition of a trust system for exchanging public keys and also the modeling of the supporting database. The most visible results of this master's program are the prototype of the mobile application, fully functional and providing the security functionality mentioned above, the implementation of an Elliptic Curve Cryptography (ECC) library for the .NET framework, and this dissertation. The source code with the implementation of the library was published online. Its development and improvement was mostly dominated by unit testing. The library and the mobile application were developed in C#. The level of security offered by the application is guaranteed through the orchestration and combination of current symmetric key cryptography algorithms, such as the Advanced Encryption Standard (AES) and the Secure Hash Algorithm 256 (SHA256), with the ECC primitives.
Password generation is done using several sensors and input devices as entropy sources, which are subsequently fed to a cryptographic hash function. The passwords are stored in an encrypted database, whose encryption key changes every time the database is opened, and is obtained by applying a Password-Based Key Derivation Function 2 (PBKDF2) to a master password. The trust model for public keys designed within the scope of this work is inspired by Pretty Good Privacy (PGP), but the granularity of the trust levels is higher.

    Towards Green Computing Oriented Security: A Lightweight Postquantum Signature for IoE

    [EN] Postquantum cryptography for elevating security against attacks by quantum computers in the Internet of Everything (IoE) is still in its infancy. Most postquantum based cryptosystems have longer keys and signature sizes and require more computations that span several orders of magnitude in energy consumption and computation time, hence the sizes of the keys and signature are considered as another aspect of security by green design. To address these issues, the security solutions should migrate to the advanced and potent methods for protection against quantum attacks and offer energy efficient and faster cryptocomputations. In this context, a novel security framework Lightweight Postquantum ID-based Signature (LPQS) for secure communication in the IoE environment is presented. The proposed LPQS framework incorporates a supersingular isogeny curve to present a digital signature with small key sizes which is quantum-resistant. To reduce the size of the keys, compressed curves are used and the validation of the signature depends on the commutative property of the curves. The unforgeability of LPQS under an adaptively chosen message attack is proved. Security analysis and the experimental validation of LPQS are performed under a realistic software simulation environment to assess its lightweight performance considering embedded nodes. It is evident that the size of keys and the signature of LPQS is smaller than that of existing signature-based postquantum security techniques for IoE. It is robust in the postquantum environment and efficient in terms of energy and computations.

    This project was funded by the Deanship of Scientific Research (DSR), King Abdulaziz University, Jeddah, under grant No. (DF-457-156-1441).

    Rani, R.; Kumar, S.; Kaiwartya, O.; Khasawneh, AM.; Lloret, J.; Al-Khasawneh, MA.; Mahmoud, M.... (2021). Towards Green Computing Oriented Security: A Lightweight Postquantum Signature for IoE. Sensors. 21(5):1-20. https://doi.org/10.3390/s21051883