8,082 research outputs found
Toward trusted wireless sensor networks
This article presents the design and implementation of a trusted sensor node that provides Internet-grade security at low system cost. We describe trustedFleck, which uses a commodity Trusted Platform Module (TPM) chip to extend the capabilities of a standard wireless sensor node to provide security services such as message integrity, confidentiality, authenticity, and system integrity based on RSA public-key and XTEA-based symmetric-key cryptography. In addition trustedFleck provides secure storage of private keys and provides platform configuration registers (PCRs) to store system configurations and detect code tampering. We analyze system performance using metrics that are important for WSN applications such as computation time, memory size, energy consumption and cost. Our results show that trustedFleck significantly outperforms previous approaches (e.g., TinyECC) in terms of these metrics while providing stronger security levels. Finally, we describe a number of examples, built on trustedFleck, of symmetric key management, secure RPC, secure software update, and remote attestation
KALwEN+: Practical Key Management Schemes for Gossip-Based Wireless Medical Sensor Networks
The constrained resources of sensors restrict the design of a key management scheme for wireless sensor networks (WSNs). In this work, we first formalize the security model of ALwEN, which is a gossip-based wireless medical sensor network (WMSN) for ambient assisted living. Our security model considers the node capture, the gossip-based network and the revocation problems, which should be valuable for ALwEN-like applications. Based on Shamir's secret sharing technique, we then propose two key management schemes for ALwEN, namely the KALwEN+ schemes, which are proven with the security properties defined in the security model. The KALwEN+ schemes not only fit ALwEN, but also can be tailored to other scalable wireless sensor networks based on gossiping
Deterministic Secure Positioning in Wireless Sensor Networks
Properly locating sensor nodes is an important building block for a large
subset of wireless sensor networks (WSN) applications. As a result, the
performance of the WSN degrades significantly when misbehaving nodes report
false location and distance information in order to fake their actual location.
In this paper we propose a general distributed deterministic protocol for
accurate identification of faking sensors in a WSN. Our scheme does \emph{not}
rely on a subset of \emph{trusted} nodes that are not allowed to misbehave and
are known to every node in the network. Thus, any subset of nodes is allowed to
try faking its position. As in previous approaches, our protocol is based on
distance evaluation techniques developed for WSN. On the positive side, we show
that when the received signal strength (RSS) technique is used, our protocol
handles at most faking sensors. Also, when the
time of flight (ToF) technique is used, our protocol manages at most misbehaving sensors. On the negative side, we prove
that no deterministic protocol can identify faking sensors if their number is
. Thus our scheme is almost optimal with respect
to the number of faking sensors. We discuss application of our technique in the
trusted sensor model. More precisely our results can be used to minimize the
number of trusted sensors that are needed to defeat faking ones
Fully Distributed Cooperative Spectrum Sensing for Cognitive Radio Networks
Cognitive radio networks (CRN) sense spectrum occupancy and manage themselves to operate in unused bands without disturbing licensed users. The detection capability of a radio system can be enhanced if the sensing process is performed jointly by a group of nodes so that the effects of wireless fading and shadowing can be minimized. However, taking a collaborative approach poses new security threats to the system as nodes can report false sensing data to force a wrong decision. Providing security to the sensing process is also complex, as it usually involves introducing limitations to the CRN applications. The most common limitation is the need for a static trusted node that is able to authenticate and merge the reports of all CRN nodes. This paper overcomes this limitation by presenting a protocol that is suitable for fully distributed scenarios, where there is no static trusted node
IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT
With the rapid growth of the Internet-of-Things (IoT), concerns about the
security of IoT devices have become prominent. Several vendors are producing
IP-connected devices for home and small office networks that often suffer from
flawed security designs and implementations. They also tend to lack mechanisms
for firmware updates or patches that can help eliminate security
vulnerabilities. Securing networks where the presence of such vulnerable
devices is given, requires a brownfield approach: applying necessary protection
measures within the network so that potentially vulnerable devices can coexist
without endangering the security of other devices in the same network. In this
paper, we present IOT SENTINEL, a system capable of automatically identifying
the types of devices being connected to an IoT network and enabling enforcement
of rules for constraining the communications of vulnerable devices so as to
minimize damage resulting from their compromise. We show that IOT SENTINEL is
effective in identifying device types and has minimal performance overhead
- …