Hidden Markov model cryptanalysis

We present HMM attacks, a new type of cryptanalysis based on modeling randomized side channel countermeasures as Hidden Markov Models (HMM's)

ABSTRACT TinySec: A Link Layer Security Architecture for Wireless Sensor Networks

We introduce TinySec, the first fully-implemented link layer security architecture for wireless sensor networks. In our design, we leverage recent lessons learned from design vulnerabilities in security protocols for other wireless networks such as 802.11b and GSM. Conventional security protocols tend to be conservative in their security guarantees, typically adding 16–32 bytes of overhead. With small memories, weak processors, limited energy, and 30 byte packets, sensor networks cannot afford this luxury. TinySec addresses these extreme resource constraints with careful design; we explore the tradeoffs among different cryptographic primitives and use the inherent sensor network limitations to our advantage when choosing parameters to find a sweet spot for security, packet overhead, and resource requirements. TinySec is portable to a variety of hardware and radio platforms. Our experimental results on a 36 node distributed sensor network application clearly demonstrate that software based link layer protocols are feasible and efficient, adding less than 10 % energy, latency, and bandwidth overhead

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

We consider routing security in wireless sensor networks. Many sensor network routing protocols have been proposed, but none of them have been designed with security as a goal. We propose security goals for routing in sensor networks, show how attacks against ad-hoc and peer-to-peer networks can be adapted into powerful attacks against sensor networks, introduce two classes of novel attacks against sensor networks --- sinkholes and HELLO floods, and analyze the security of all the major sensor network routing protocols. We describe crippling attacks against all of them and suggest countermeasures and design considerations. This is the first such analysis of secure routing in sensor networks

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

We consider routing security in wireless sensor networks. Many sensor network routing protocols have been proposed, but none of them have been designed with security as a goal. We propose security goals for routing in sensor networks, show how attacks against ad-hoc and peer-to-peer networks can be adapted into powerful attacks against sensor networks, introduce two classes of novel attacks against sensor networks — sinkholes and HELLO floods, and analyze the security of all the major sensor network routing protocols. We describe crippling attacks against all of them and suggest countermeasures and design considerations. This is the first such analysis of secure routing in sensor networks

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

We consider routing security in wireless sensor networks. Many sensor network routing protocols have been proposed, but none of them have been designed with security as a goal. We propose security goals for routing in sensor networks, show how attacks against ad-hoc and peer-to-peer networks can be adapted into powerful attacks against sensor networks, introduce two classes of novel attacks against sensor networks — sinkholes and HELLO floods, and analyze the security of all the major sensor network routing protocols. We describe crippling attacks against all of them and suggest countermeasures and design considerations. This is the first such analysis of secure routing in sensor networks

Doppelganger: Better browser privacy without the bother

We introduce Doppelganger, a novel system for creating and enforcing fine-grained, privacy preserving browser cookie policies with low manual effort. Browser cookies pose privacy risks, since they can be used to track users ’ actions in detail, but some cookies also enable useful functionality, like personalization features. Web browsers currently lack an effective cookie management mechanism. Users must choose between two unpalatable options: a permissive, privacy-compromising policy for every site they visit, or a seemingly endless series of questions to which they must supply underinformed opinions. Doppelganger takes a big step forward: it makes automated determinations of cookies ’ value to enable a costbenefit analysis, and offers an automated recovery system when that mechanism—or the user—makes an incorrect judgment. Doppelganger leverages client-side parallelism to automatically and simultaneously explore multiple cookie policies, enabling each user to create her ideal cookie policy. We tackle important and difficult subproblems along the way: mechanisms for recording and replaying web sessions; improved handling of third-party cookies; and enforcing fine-grained, per-site cookie mediation. We implemented Doppelganger as a Firefox extension; we discuss experimental results comparing it to various browser settings, as well as lessons learned from the real-world engineering challenges we faced in our implementation

Abstract

We introduce distillation codes, a method for streaming and storing data. Like erasure codes, distillation codes allow information to be decoded from a sufficiently large quorum of symbols. In contrast to erasure codes, distillation codes are robust against pollution attacks, a powerful class of denial of service (DoS) attacks in which adversaries inject invalid symbols during the decoding process. We examine applications of distillation codes to multicast authentication. Previous applications of erasure codes to multicast authentication are vulnerable to low bandwidth pollution attacks. We demonstrate pollution attacks against previous approaches which prevent receivers from verifying any authentic packets. To resist pollution attacks, we introduce Pollution Resistant Authenticated Block Streams, which have low overhead and can tolerate arbitrary patterns of packet loss within a block up to a predetermined number of packets. In the face of 40Mb/s of attack traffic, PRABS receivers successfully authenticate the stream and consume only 10 % of their CPU. 1

Abstract

We introduce distillation codes, a method for streaming and storing data. Like erasure codes, distillation codes allow information to be decoded from a sufficiently large quorum of symbols. In contrast to erasure codes, distillation codes are robust against pollution attacks, a powerful class of denial of service (DoS) attacks in which adversaries inject invalid symbols during the decoding process. We examine applications of distillation codes to multicast authentication. Previous applications of erasure codes to multicast authentication are vulnerable to low bandwidth pollution attacks. We demonstrate pollution attacks against previous approaches which prevent receivers from verifying any authentic packets. To resist pollution attacks, we introduce Pollution Resistant Authenticated Block Streams, which have low overhead and can tolerate arbitrary patterns of packet loss within a block up to a predetermined number of packets. In the face of 40Mb/s of attack traffic, PRABS receivers successfully authenticate the stream and consume only 10 % of their CPU. 1