Hardware accelerated authentication system for dynamic time-critical networks

The secure and efficient operation of time-critical networks, such as vehicular networks, smart-grid and other smart-infrastructures, is of primary importance in today’s society. It is crucial to minimize the impact of security mechanisms over such networks so that the safe and reliable operations of time-critical systems are not being interfered. Even though there are several security mechanisms, their application to smart-infrastructure and Internet of Things (IoT) deployments may not meet the ubiquitous and time-sensitive needs of these systems. That is, existing security mechanisms either introduce a significant computation and communication overhead, or they are not scalable for a large number of IoT components. In particular, as a primary authentication mechanism, existing digital signatures cannot meet the real-time processing requirements of time-critical networks, and also do not fully benefit from advancements in the underlying hardware/software of IoTs. As a part of this thesis, we create a reliable and scalable authentication system to ensure secure and reliable operation of dynamic time-critical networks like vehicular networks through hardware acceleration. The system is implemented on System-On-Chips (SoC) leveraging the parallel processing capabilities of the embedded Graphical Processing Units (GPUs) along with the CPUs (Central Processing Units). We identify a set of cryptographic authentication mechanisms, which consist of operations that are highly parallelizable while still maintain high standards of security and are also secure against various malicious adversaries. We also focus on creating a fully functional prototype of the system which we call a “Dynamic Scheduler” which will take care of scheduling the messages for signing or verification on the basis of their priority level and the number of messages currently in the system, so as to derive maximum throughput or minimum latency from the system, whatever the requirement may be

CENTRALIZED SECURITY PROTOCOL FOR WIRELESS SENSOR NETWORKS

Wireless Sensor Networks (WSN) is an exciting new technology with applications in military, industry, and healthcare. These applications manage sensitive information in potentially hostile environments. Security is a necessity, but building a WSN protocol is difficult. Nodes are energy and memory constrained devices intended to last months. Attackers are physically able to compromise nodes and attack the network from within. The solution is Centralized Secure Low Energy Adaptive Clustering Hierarchy (CSLEACH). CSLEACH provides security, energy efficiency, and memory efficiency. CSLEACH takes a centralized approach by leveraging the gateways resources to extend the life of a network as well as provide trust management. Using a custom event based simulator, I am able to show CSLEACH\u27s trust protocol is more energy efficient and requires less memory per node than Trust-based LEACH (TLEACH). In terms of security, CSLEACH is able to protect against a wide range of attacks from spoofed messages to compromised node attacks and it provides confidentiality, authentication, integrity and freshness

Location-Based Protocol for the Pairwise Authentication in the Networks without Infrastructure

In this paper, we consider security issues arising in the development of the wireless networks without infrastructure, with the rapidly changing composition of the elements of such a network The LEAP Initial Protection (LEAP-IP) protocol proposed, which closes the vulnerability of the LEAP at the network initialization stage. Advanced LEAP-IP protocol allows to resist attacks on the radio channel, physical attacks on the device, and is energy efficient, that is especially important for devices with a limited power resource. Also, a classification of self-organizing networks and some variants of using the proposed pairwise authentication protocol is presented

On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.Comment: Survey, 22 Pages, 21 Figure

Time valid one-time signature for time-critical multicast data authentication

Abstract-It is challenging to provide authentication to timecritical multicast data, where low end-to-end delay is of crucial importance. Consequently, it requires not only efficient authentication algorithms to minimize computational cost, but also avoidance of buffering packets so that the data can be immediately processed once being presented. Desirable properties for a multicast authentication scheme also include small communication overhead, tolerance to packet loss, and resistance against malicious attacks. In this paper, we propose a novel signature model -Time Valid One-Time Signature (TV-OTS) -to boost the efficiency of regular one-time signature schemes. Based on the TV-OTS model, we design an efficient multicast authentication scheme "TV-HORS" to meet the above needs. TV-HORS combines one-way hash chains with TV-OTS to avoid frequent public key distribution. It provides fast signing/verification and buffering-free data processing, which make it one of the fastest multicast authentication schemes to date in terms of end-to-end computational latency (on the order of microseconds). In addition, TV-HORS has perfect tolerance to packet loss and strong robustness against malicious attacks. The communication overhead of TV-HORS is much smaller than regular OTS schemes, and even smaller than RSA signature. The only drawback of TV-HORS is a relatively large public key of size 8KB to 10KB, depending on parameters

Privacy-Preserving ECG Based Active Authentication (PPEA2) Scheme for Iot Devices

Internet of things (IoT) devices are becoming ubiquitous in, and even essential to, many aspects of day-to-day life, from fitness trackers, pacemakers, to industrial control systems. On a larger scale, live stream of sleep patterns data recorded via fitness tracker devices was utilized to quantify the effect of a seismic activity on sleep. While the benefits of IoT are undeniable, IoT ecosystem comes with its own set of system vulnerabilities that include malicious actors manipulating the flow of information to and from the IoT devices, which can lead to the capture of sensitive data and loss of data privacy. My thesis explores a Privacy-Preserving ECG based Active Authentication (PPEA2) scheme that is deployable on power-limited wearable systems to counter these vulnerabilities. Electrocardiogram (ECG) is a record of the electrical activity of the heart, and it has been shown to be unique for every person. This work leverages that idea to design a feature extraction followed by an authentication scheme based on the extracted features. The proposed scheme preserves the privacy of the extracted features by employing a light-weight secure computation approach based on secure weighted hamming distance computation from an oblivious transfer. It computes a joint set between two participating entities without revealing the keys to either of them

Experimental Comparison of Multicast Authentication for Wide Area Monitoring Systems

Multicast is proposed as a preferred communication mechanism for many power grid applications. One of the biggest challenges for multicast in smart grid is ensuring source authentication without violating the stringent time requirement. The research community and standardization bodies have proposed several authentication mechanisms for smart grid multicast applications. In this paper, we evaluate different authentication schemes and identify the best candidates for phasor data communication in wide area monitoring systems (WAMS). We first do an extensive literature review of existing solutions and establish a short list of schemes to evaluate. Second we make an experimental comparison of the chosen schemes in an operational smart grid pilot and evaluate the performance of these schemes by using the following metrics: computation, communication and key management overheads. The best candidates we consider are two variants of ECDSA, TV-HORS and three variants of Incomplete-key-set. We find ECDSA without pre-computed tokens and all the Incomplete-key-set variants are inapplicable for WAMS due to their high computation overhead. The ECDSA variant that uses pre-computed tokens and TV-HORS perform well in all metrics; however, TV-HORS has potential drawbacks due to a large key management overhead as a result of the frequent distribution of a large public key per source

Seven cardinal properties of sensor network broadcast authentication

We investigate the design space of sensor network broadcast authentication. We show that prior approaches can be organized based on a taxonomy of seven fundamental proprieties, such that each approach can satisfy at most six of the seven proprieties. An empirical study of the design space reveals possibilities of new approaches, which we present in the following two new authentication protocols: RPT and LEA. Based on this taxonomy, we offer guidance in selecting the most appropriate protocol based on an application’s desired proprieties. Finally, we pose the open challenge for the research community to devise a protocol simultaneously providing all seven properties