Attacking and Securing Beacon-Enabled 802.15.4 Networks

The IEEE 802.15.4 has attracted time-critical applications in wireless sensor networks (WSNs) because of its beacon-enabled mode and guaranteed timeslots (GTSs). However, the GTS scheme’s security still leave the 802.15.4 MAC vulnerable to attacks. Further, the existing techniques in the literature for securing 802.15.4 either focus on non beacon-enabled 802.15.4 or cannot defend against insider attacks for beacon-enabled 802.15.4. In this thesis, we illustrate this by demonstrating attacks on the availability and integrity of the beacon-enabled 802.15.4. To proof the attacks, we implement the attacks using Tmote Sky motes for a malicious node along with regular nodes. We show that the malicious node can freely exploit the beacon frames to compromise the integrity and availability of the network. For the defense, we present beacon-enabled MiniSec (BCN-MiniSec) and analyze its cost

Security performance and protocol consideration in optical communication system with optical layer security enabled by optical coding techniques

With the fast development of communication systems, network security issues have more and more impact on daily life. It is essential to construct a high degree of optical layer security to resolve the security problem once and for all. Three different techniques which can provide optical layer security are introduced and compared. Optical chaos can be used for fast random number generation. Quantum cryptography is the most promising technique for key distribution. And the optical coding techniques can be deployed to encrypt the modulated signal in the optical layer. A mathematical equation has been derived from information theory to evaluate the information-theoretic security level of the wiretap channel in optical coding schemes. And the merits and limitation of two coherent optical coding schemes, temporal phase coding and spectral phase coding, have been analysed. The security scheme based on a reconfigurable optical coding device has been introduced, and the corresponding security protocol has been developed. By moving the encryption operation from the electronic layer to the optical layer, the modulated signals become opaque to the unauthorised users. Optical code distribution and authentication is the one of the major challenges for our proposed scheme. In our proposed protocol, both of the operations are covered and defined in detail. As a preliminary draft of the optical code security protocol, it could be a useful guidance for further research

Network-aware Active Wardens in IPv6

Every day the world grows more and more dependent on digital communication. Technologies like e-mail or the World Wide Web that not so long ago were considered experimental, have first become accepted and then indispensable tools of everyday life. New communication technologies built on top of the existing ones continuously race to provide newer and better functionality. Even established communication media like books, radio, or television have become digital in an effort to avoid extinction. In this torrent of digital communication a constant struggle takes place. On one hand, people, organizations, companies and countries attempt to control the ongoing communications and subject them to their policies and laws. On the other hand, there oftentimes is a need to ensure and protect the anonymity and privacy of the very same communications. Neither side in this struggle is necessarily noble or malicious. We can easily imagine that in presence of oppressive censorship two parties might have a legitimate reason to communicate covertly. And at the same time, the use of digital communications for business, military, and also criminal purposes gives equally compelling reasons for monitoring them thoroughly. Covert channels are communication mechanisms that were never intended nor designed to carry information. As such, they are often able to act ``below\u27\u27 the notice of mechanisms designed to enforce security policies. Therefore, using covert channels it might be possible to establish a covert communication that escapes notice of the enforcement mechanism in place. Any covert channel present in digital communications offers a possibility of achieving a secret, and therefore unmonitored, communication. There have been numerous studies investigating possibilities of hiding information in digital images, audio streams, videos, etc. We turn our attention to the covert channels that exist in the digital networks themselves, that is in the digital communication protocols. Currently, one of the most ubiquitous protocols in deployment is the Internet Protocol version 4 (IPv4). Its universal presence and range make it an ideal candidate for covert channel investigation. However, IPv4 is approaching the end of its dominance as its address space nears exhaustion. This imminent exhaustion of IPv4 address space will soon force a mass migration towards Internet Protocol version 6 (IPv6) expressly designed as its successor. While the protocol itself is already over a decade old, its adoption is still in its infancy. The low acceptance of IPv6 results in an insufficient understanding of its security properties. We investigated the protocols forming the foundation of the next generation Internet, Internet Protocol version 6 (IPv6) and Internet Control Message Protocol (ICMPv6) and found numerous covert channels. In order to properly assess their capabilities and performance, we built cctool, a comprehensive covert channel tool. Finally, we considered countermeasures capable of defeating discovered covert channels. For this purpose we extended the previously existing notions of active wardens to equip them with the knowledge of the surrounding network and allow them to more effectively fulfill their role

Privacy-preserving alert correlation and report retrieval

Intrusion Detection Systems (IDSs) have been widely deployed on both hosts and networks and serve as a second line of defense. Generally, an IDS flags malicious activates as IDS alerts and forwards them to security officers for further responses. The core issue of IDSs is to minimize both false positives and false negatives. Previous research shows that alert correlation is an effective solution. Moreover, alert correlation (in particular, under the cross-domain setting) can fuse distributed information together and thus be able to detect large-scale attacks that local analysis fails to handle. However, in practice the wide usage of alert correlation is hindered by the privacy concern. In this thesis, we propose the TEIRESIAS protocol, which can ensure the privacy-preserving property during the whole process of sharing and correlating alerts, when incorporated with anonymous communication systems. Furthermore, we also take the fairness issue into consideration when designing the procedure of retrieving the results of correlation. More specifically, a contributor can privately retrieve correlated reports in which she involved. The TEIRESIAS protocol is based mainly on searchable encryption, including both symmetric-key encryption with keyword search (SEKS) and public-key encryption with keyword search (PEKS). While designing TEIRESIAS, we identify a new statistical guessing attack against PEKS. To address this problem, we propose the PEKSrand scheme, which is an extension of PEKS and can mitigate both brute-force guessing attacks and statistical guessing attacks. The PEKSrand scheme can either be used independently or be combined with TEIRESIAS to further improve its privacy protection

Improvements to data transportation security in wireless sensor networks

Wireless Sensor Networks (WSNs) are computer networks consisting of miniaturised electronic devices that aim to gather and report information about their environment. The devices are limited in computational, data storage and communication ability. Furthermore, the devices communicate via a wireless, unregulated medium and usually operate on finite power sources. Security in Wireless Sensor Networks is the research area that seeks to provide adequate and energy-efficient security mechanisms for WSNs. Such provision is required in order to increase their range of possible applications and allow them to be deployed in critical and valuable environments. Existing security mechanisms for larger computer networks are inappropriate since they were not designed for the resourceconstrained environment of WSNs. There are some purpose-built solutions but this research has found potential security or efficiency problems with each of them. This thesis contributes SecRose, a security mechanism for the data-transportation layer of Wireless Sensor Networks. The solution attempts to provide higher level of security than currently provided, without introduction of significant energy overheads and by retaining backwards compatibility. SecRose achieves its security objectives by introducing a number of innovations and improvements. SecRose innovates in the provision of freshness and semantic security by altering the secret cryptographic keys. The process is managed at the transportation level by the basic key management mechanism. The integrity and safety of the key-changing operation is achieved by authenticating all packets and their acknowledgements. This behaviour contrasts with other proposals, which are based on openly transmitted Initialisation Vectors, and allows SecRose to provide better security than most of them, including TinySec, the accepted standard. In addition, measurements show that SecRose provides better energy-efficiency than other proposals. In particular, the solution requires less energy than TinySec in all cases and it can even be more efficient than the base Operating System, the TinyOS, which does not provide any security at all.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Improvements to data transportation security in wireless sensor networks

Wireless Sensor Networks (WSNs) are computer networks consisting of miniaturisedelectronic devices that aim to gather and report information about their environment. Thedevices are limited in computational, data storage and communication ability. Furthermore,the devices communicate via a wireless, unregulated medium and usually operate on finitepower sources. Security in Wireless Sensor Networks is the research area that seeks toprovide adequate and energy-efficient security mechanisms for WSNs. Such provision isrequired in order to increase their range of possible applications and allow them to bedeployed in critical and valuable environments. Existing security mechanisms for largercomputer networks are inappropriate since they were not designed for the resourceconstrainedenvironment of WSNs. There are some purpose-built solutions but this researchhas found potential security or efficiency problems with each of them.This thesis contributes SecRose, a security mechanism for the data-transportation layer ofWireless Sensor Networks. The solution attempts to provide higher level of security thancurrently provided, without introduction of significant energy overheads and by retainingbackwards compatibility. SecRose achieves its security objectives by introducing a number ofinnovations and improvements.SecRose innovates in the provision of freshness and semantic security by altering the secretcryptographic keys. The process is managed at the transportation level by the basic keymanagement mechanism. The integrity and safety of the key-changing operation is achievedby authenticating all packets and their acknowledgements. This behaviour contrasts with otherproposals, which are based on openly transmitted Initialisation Vectors, and allows SecRoseto provide better security than most of them, including TinySec, the accepted standard.In addition, measurements show that SecRose provides better energy-efficiency than otherproposals. In particular, the solution requires less energy than TinySec in all cases and it caneven be more efficient than the base Operating System, the TinyOS, which does not provideany security at all