An Implementation of Distance-Based Message Authentication for WSNs

Distance-Based Message Authentication (DBMA) provides an additional layer of access control and helps to defend against key compromise and denial-of-service attacks on constrained nodes. The distance between sender and receiver is measured securely. Messages sent from outside a defined physical distance can be rejected early, protecting vulnerable higher layers. We show our initial implementation using the Nanotron NA5TR1. We show how changing MAC addresses can avoid modification to ranging hardware

Optimized usage of network resources based on context information

Today an efficient (cost-effective) design and usage of networks is of particular importance. As more and more computer systems become context-aware the question of how context information can be used to improve computer networks arises. In this poster we describe how context information can be used to optimize the usage of resources in a computer network. By means of a mobile payment system we show how these optimization method can be applied

Evaluating and improving firewalls for ip-telephony environments

Firewalls are a well established security mechanism for providing access control and auditing at the borders between different administrative network domains. Their basic architecture, techniques and operation modes did not change fundamentally during the last years. On the other side new challenges emerge rapidly when new innovative application domains have to be supported. IP-Telephony applications are considered to have a huge economic potential in the near future. For their widespread acceptance and thereby their economic success they must cope with established security policies. Existing firewalls face immense problems here, if they - as it still happens quite often - try to handle the new challenges in a way they did with "traditional applications". As we will show in this paper, IP-Telephony applications differ from those in many aspects, which makes such an approach quite inadequate. After identifying and characterizing the problems we therefore describe and evaluate a more appropriate approach. The feasibility of our architecture will be shown. It forms the basis of a prototype implementation, that we are currently working on

LoRa Transmission Parameter Selection

Low-Power Wide-Area Network (LPWAN) technologies such as Long Range (LoRa) are emerging that enable power efficient wireless communication over very long distances. LPWAN devices typically communicate directly to a sink node which removes the need of constructing and maintaining a complex multi-hop network. However, to ensure efficient and reliable communication LPWAN devices often provide a large number of transmission parameters. For example, a LoRa device can be configured to use different spreading factors, bandwidth settings, coding rates and transmission powers, resulting in over 6720 possible settings. It is a challenge to determine the setting that minimises transmission energy cost while meeting the required communication performance. This paper is the first to present a thorough analysis of the impact of LoRa transmission parameter selection on communication performance. We study in detail the impact of parameter settings on energy consumption and communication reliability. Using this study we develop a link probing regime which enables us to quickly determine transmission settings that satisfy performance requirements. The presented work is a first step towards an automated mechanism for LoRa transmission parameter selection that a deployed LoRa network requires, but is not yet specified within the Long Range Wide Area Network (LoRaWAN) framework

Demo Abstract: Securing Communication in 6LoWPAN with Compressed IPsec

With the inception of IPv6 it is possible to assign a unique ID to each device on planet. Recently, wireless sensor networks and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Real-world deployments of WSN demand secure communication. The receiver should be able to verify that sensor data is generated by trusted nodes and/or it may also be necessary to encrypt sensor data in transit. Available IPv6 protocol stacks can use IPsec to secure data exchanges. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed. In this demo we will show the usage of our implemented lightweight IPsec. We will show how IPsec ensures end-to-end security between an IP enabled sensor networks and the traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of a 6LoWPAN extension for IPsec. This demo complements the full paper that will appear in the parent conference, DCOSS’11

Network Coding with Limited Overhearing

The two key benefits of network coding are increased reliability and throughput. Most network coding approaches for wireless networks rely on overhearing neighboring transmissions. Overhearing in sensor networks, however, is not energy-efficient. In this paper, we extend GinMAC, a state-of-the-art MAC protocol, applying network coding with limited overhearing. Our approach reduces the delay allocating less retransmission slots. Our results show that network coding with limited overhearing reduces the power consumption of GinMAC while maintaining the desired level of reliability

Poster Abstract: Network Coding with Limited Overhearing

CONETGINSEN

A Comprehensive Experimental Comparison of Event Driven and Multi-Threaded Sensor Node Operating Systems

The capabilities of a sensor network are strongly influenced by the operating system used on the sensor nodes. In general, two different sensor network operating system types are currently considered: event driven and multi-threaded. It is commonly assumed that event driven operating systems are more suited to sensor networks as they use less memory and processing resources. However, if factors other than resource usage are considered important, a multi-threaded system might be preferred. This paper compares the resource needs of multi-threaded and event driven sensor network operating systems. The resources considered are memory usage and power consumption. Additionally, the event handling capabilities of event driven and multi-threaded operating systems are analyzed and compared. The results presented in this paper show that for a number of application areas a thread-based sensor network operating system is feasible and preferable

Improving the Energy Efficiency of the MANTIS Kernel

Event-driven operating systems such as TinyOS are the preferred choice for wireless sensor networks. Alternative designs following a classical multi-threaded approach are also available. A popular implementation of such a multi-threaded sensor network operating system is MANTIS. The event-based TinyOS is more energy efficient than the multi-threaded MANTIS system. However, MANTIS is more capable than TinyOS of supporting time critical tasks as task preemption is supported. Thus, timeliness can be traded for energy efficiency by choosing the appropriate operating system. In this paper we present a MANTIS kernel modification that enables MANTIS to be as power efficient as TinyOS. Results from an experimental analysis demonstrate that the modified MANTIS can be used to fit both sensor network design goals of energy efficiency and timeliness

IP-Telefonie und Firewalls, Probleme und Lösungen

Im Rahmen einer umfassenden Security-Policy stellen Firewall -Systeme eine wichtige Maßnahme zum Schutz eines privaten Netzes vor Angriffen aus dem Internet dar. Durch die Einführung neuer Applikationstypen, zu denen auch IP-Telefonie Applikationen gehören, ergeben sich neue Anforderungen denen ein Firewall-System gerecht werden muß. Diesen neuen Anforderungen werden existierende Firewall-Systeme nicht gerecht, weshalb IP-Telefonie Applikationen von Firewalls zur Zeit nicht zufriedenstellend unterstützt werden können. In diesem Beitrag werden wir zeigen, welche speziellen Probleme sich bei der Integration von IP-Telefonie Unterstützung in eine Firewall ergeben. Dazu werden wir ausgewählte, von einer Firewall zu unterstützenden Telefonieszenarien, erläutern, sowie ausgewählte vorhandene Firewall-Lösungen und ihre existierenden Beschränkungen beschreiben. Nachdem die Probleme identifiziert und klassifiziert sind, werden wir die daraus resultierenden Anforderungen, denen eine IP-Telefonie fähige Firewall gerecht werden muß, herleiten. Abschließend werden wir eine mögliche technische Umsetzung dieser Anforderungen, sowie den entsprechenden realisierten Prototypen beschreiben