Secure and authenticated data communication in wireless sensor networks

© 2015 by the authors; licensee MDPI, Basel, Switzerland. Securing communications in wireless sensor networks is increasingly important as the diversity of applications increases. However, even today, it is equally important for the measures employed to be energy efficient. For this reason, this publication analyzes the suitability of various cryptographic primitives for use in WSNs according to various criteria and, finally, describes a modular, PKI-based framework for confidential, authenticated, secure communications in which most suitable primitives can be employed. Due to the limited capabilities of common WSN motes, criteria for the selection of primitives are security, power efficiency and memory requirements. The implementation of the framework and the singular components have been tested and benchmarked in our tested of IRISmotes

Energy Efficient Security Framework for Wireless Local Area Networks

Wireless networks are susceptible to network attacks due to their inherentvulnerabilities. The radio signal used in wireless transmission canarbitrarily propagate through walls and windows; thus a wireless networkperimeter is not exactly known. This leads them to be more vulnerable toattacks such as eavesdropping, message interception and modifications comparedto wired-line networks. Security services have been used as countermeasures toprevent such attacks, but they are used at the expense of resources that arescarce especially, where wireless devices have a very limited power budget.Hence, there is a need to provide security services that are energy efficient.In this dissertation, we propose an energy efficient security framework. Theframework aims at providing security services that take into account energyconsumption. We suggest three approaches to reduce the energy consumption ofsecurity protocols: replacement of standard security protocol primitives thatconsume high energy while maintaining the same security level, modification ofstandard security protocols appropriately, and a totally new design ofsecurity protocol where energy efficiency is the main focus. From ourobservation and study, we hypothesize that a higher level of energy savings isachievable if security services are provided in an adjustable manner. Wepropose an example tunable security or TuneSec system, which allows areasonably fine-grained security tuning to provide security services at thewireless link level in an adjustable manner.We apply the framework to several standard security protocols in wirelesslocal area networks and also evaluate their energy consumption performance.The first and second methods show improvements of up to 70% and 57% inenergy consumption compared to plain standard security protocols,respectively. The standard protocols can only offer fixed-level securityservices, and the methods applied do not change the security level. The thirdmethod shows further improvement compared to fixed-level security by reducing(about 6% to 40%) the energy consumed. This amount of energy saving can bevaried depending on the configuration and security requirements

A novel approach to quality-of-service provisioning in trusted relay Quantum Key Distribution networks

In recent years, noticeable progress has been made in the development of quantum equipment, reflected through the number of successful demonstrations of Quantum Key Distribution (QKD) technology. Although they showcase the great achievements of QKD, many practical difficulties still need to be resolved. Inspired by the significant similarity between mobile ad-hoc networks and QKD technology, we propose a novel quality of service (QoS) model including new metrics for determining the states of public and quantum channels as well as a comprehensive metric of the QKD link. We also propose a novel routing protocol to achieve high-level scalability and minimize consumption of cryptographic keys. Given the limited mobility of nodes in QKD networks, our routing protocol uses the geographical distance and calculated link states to determine the optimal route. It also benefits from a caching mechanism and detection of returning loops to provide effective forwarding while minimizing key consumption and achieving the desired utilization of network links. Simulation results are presented to demonstrate the validity and accuracy of the proposed solutions.Web of Science28118116

Simulating and modelling the impact of secure communication latency for closed loop control

Closed loop control systems have been implemented to conduct a variety of tasks (e.g. manufacturing and automation). Industrial Control System (ICS) have been used to regulate a closed loop process; however, ICS are exposed to the same security vulnerabilities associated with enterprise networks. Cryptography has been deployed to overcome the associated data communication weaknesses between each ICS node through the use of block ciphers; however, the drawback of applying cryptographic algorithms to ICS is the additional communication latency. This paper investigates the relationship between security constructs and latency for closed loop control system with test conducted in a simulated environment. A case scenario is illustrated to demonstrate the impact of the results obtained to a real world context

FPGA based Network Security Architecture for High Speed Networks

Cryptography and Network Security in high speed networks demands for specialized hardware in order to match up with the network speed. These hardware modules are being realized using reconfigurable FPGA technology to support heavy computation. Our work is mainly based on designing an efficient architecture for a cryptographic module and a network intrusion detection system for a high speed network. All the designs are coded using VHDL and are synthesized using Xilinx ISE for verifying their functionality. Virtex II pro FPGA is chosen as the target device for realization of the proposed design. In the cryptographic module, International Data Encryption Algorithm (IDEA), a symmetric key block cipher is chosen as the algorithm for implementation. The design goal is to increase the data conversion rate i.e the throughput to a substantial value so that the design can be used as a cryptographic coprocessor in high speed network applications. We have proposed a new n bit multiplier in the design which generates less number of partial products less than n/2 and the operands are in diminished-one representation. The multiplication is based on Radix-8 Booth's recoding with different combinations of outer round and inner round pipelining approach and a substantial high throughput to area ratio is achieved. The Network Intrusion Detection System (NIDS) module is designed for scanning suspicious patterns in data packets incoming to the network. Scanning a data packet against multiple patterns in quick time is a highly computational intensive task. A string matching module is realized using a memory efficient multi hashing data structure called Bloom Filter, in which multiple patterns can be matched in a single clock cycle. A separate parallel hash module is also designed for eliminating the packets which are treated as false positives. The string matching module is coded and functionally verified using VHDL targeting Virtex II pro FPGA and performance evaluation is made in terms of speed and resource utilization