An Ontology for Attacks in Wireless Sensor Networks

Wireless sensor networks (WSNs) have many potential applications. In many scenarios WSNs are of interest to adversaries and they become susceptible to some types of attacks since they are deployed in open environments and have limited resources. Many attacks are known against WSNs. Protections exist against some of them but for the others IDS (Intrusion Detection Mechanism) systems are required. In this report, we present a new WSN attacks ontology that enable us to identify the intention of the attacker, his capabilities to achieve the attacks, the target and the end result. This ontology is a high level abstraction that does not depend on the IDS system used. We also survey known vulnerabilities and attacks in WSNs and present some defenses

Problèmes d'allocation dynamique d'adresses

International audienceL'allocation dynamique d'adresses est un problème important dans les réseaux ne disposant pas d'infrastructure centralisée. Cet article propose un modèle pour les algorithmes d'allocation d'adresses à état (stateful). A partir de ce modèle, nous étudions les caractéristiques des algorithmes PrimeDHCP, Quadratic Residue Based DHCP et Prophet. Nous montrons que PrimeDHCP a un problème de dépassement de taille d'adresse, que Quadratic Residue Based DHCP est une version à deux sauts de Distributed DHCP, et enfin que Prophet n'est pas meilleur qu'une allocation aléatoire sans état (stateless) en terme de collision. La démarche de cet article est relativement originale puisque nous employons principalement des outils provenant de la cryptologie

Energy Efficient Authentication Strategies for Network Coding

International audienceRecent advances in information theory and networking, e.g. aggregation, network coding or rateless codes, have significantly modified data dissemination in wireless networks. These new paradigms create new threats for security such as pollution attacks and denial of services (DoS). These attacks exploit the difficulty to authenticate data in such contexts. The particular case of xor network coding is considered herein. We investigate different strategies based on message authentication codes algorithms (MACs) to thwart these attacks. Yet, classical MAC designs are not compatible with the linear combination of network coding. Fortunately, MACs based on universal hash functions (UHFs) match nicely the needs of network coding: some of these functions are linear h(x1⊕x2)=h(x1)⊕h(x2). To demonstrate their efficiency, we consider the case of wireless sensor networks (WSNs). Although these functions can drastically reduce the energy consumption of authentication (up to 68% gain over the classical designs is observed), they increase the threat of DoS. Indeed, an adversary can disrupt all communications by polluting few messages. To overcome this problem, a group testing algorithm is introduced for authentication resulting in a complexity linear in the number of attacks. The energy consumption is analyzed for cross-point and butterfly network topologies with respect to the possible attack scenarios. The results highlight the trade-offs between energy efficiency, authentication and the effective throughput for the different MAC modes

Key establishment and management for WSNs

International audienc

Proposition de gestion des clés et de contrôle d'accès dans un réseau de capteurs

National audienc

Hierarchical node replication attacks detection in wireless sensors networks

International audienceWireless sensor networks (WSNs) are composed of a large number of low-cost, low-power, and multi-functional sensor nodes that communicate at short distance through wireless links. They are usually deployed in an open and uncontrolled environment where attackers may be present. Due to the use of low-cost materials, hardware components are not tamper-resistant and an adversary could access a sensor's internal state. An adversary can easily capture even a single node and inserts duplicated nodes at any location in the network. If no specific detection mechanisms are established, the attacker could lead many insidious attacks such as subverting data aggregation protocols by injecting false data, revoking legitimate nodes and disconnecting the network if the replicated nodes are judiciously placed at chosen locations. In this paper, we propose a hierarchical distributed algorithm for detecting node replication attacks using a Bloom filter mechanism and a cluster head selection, we also introduce the adequate network replies in case of detection. We also present simulation results for random topologies and show that our algorithm is able to detect replication attacks in all cases

Aggregated Authentication (AMAC) using Universal Hash Functions

International audienceAggregation is a very important issue to reduce the energy consumption in Wireless Sensors Networks (WSNs). There is currently a lack of cryptographic primitives for authentication of aggregated data. The theoretical background for Aggregated Message Authentication Codes (AMACs) has been proposed by Chan and Castelluccia at ISIT 08. In this paper, we propose a MAC design based on universal hash functions and more precisely on the Krawczyk's constructions. We show how those designs can be used for aggregation and how it can be easily adapted for WSNs. Our two AMAC constructions offer a small memory footprint and a signification speed to fit into a sensor. Moreover, when compared with scenarios without aggregation, the method proposed here induces a simulated energy gain between 3 and 9

Quelques propositions de solutions pour la sécurité des réseaux de capteurs sans fil

Cette thèse a pour objectif d'étudier des solutions susceptibles d'assurer la sécurité dans les réseaux de capteurs sans fil. Après avoir présenté l'état de l'art du domaine, cette thèse s'articule autour de trois grandes parties. La première partie propose des solutions algorithmiques pour la sécurité des réseaux de capteurs. Deux mécanismes dédiés permettant de détecter deux attaques particulières de ces réseaux sont proposés. Il s'agit d'une première solution permettant de détecter l'attaque. La deuxième solution permet de détecter l'attaque de réplication de nœuds en se basant sur une approche hiérarchique. La deuxième partie se concentre sur des solutions fondées sur l'utilisation de la cryptographie symétrique. Ainsi, un premier protocole de gestion clés et de contrôle d'accès est proposé. Son but est de partager une clé commune entre chaque paire de nœuds présents dans le réseau. Dans un deuxième temps, nous nous sommes intéressés à la sécurisation de l'agrégation des données. Plus précisément, nous proposons deux mécanismes fondés sur sur les fonctions de hachage universelles permettant d'agréger des preuves d'intégrité des données transmises afin de permettre au puits de vérifier l'intégrité des données agrégées. Dans une troisième partie, alors que la diversité des solutions de sécurité permet de définir des politiques de sécurité capable d'assurer des propriétés bien définies, nous présentons une démarche de modélisation formelle permettant de simuler et d'évaluer l'impact des politiques de sécurité sur la consommation énergétique d'un réseau. Le but est ici d'évaluer l'impact en terme d'énergie du passage d'une politique à une autre, ce qui nous permettra ensuite de mieux gérer par exemple la durée de vie d'un réseau de capteurs.The self-organized growth of three-dimensional (3D) quantum dots has attracted a lot of interest for their potential applications in ptoelectronic and in nanophotonic devices. In this work, we study by optical spectroscopy lnAs/lnP and lnAs/GaAs quantum dots grown by molecular beam epitaxy (MBE) using the Stanski-Krastanov (SK) growth mode. The quantum dots are then embedded in an electric-field tunable device called nanopixel . ln the case of the lnAs/lnP quantum dots, we focused on the impact of growth conditions like the cap thickness of the double cap process on the emission energy, the influence of the first cap, temperature effect and the exciton-biexciton system. In the case of lnAs/GaAs system, we studied the impact of the capping layer, the excited level sates, the excitonbi-exciton system, and the impact of temperature. We successfully fabricated nanopixels including a quantum dots layer inside the intrinsic region of a Schottky diode. First results showing the effect of an electric field on a single quantum dot emission are finally described.VILLEURBANNE-DOC'INSA LYON (692662301) / SudocSudocFranceF

Hierarchical Node Replication Attacks Detection in Wireless Sensor Networks

Wireless sensor networks (WSNs) are composed of numerous low-cost, low-power sensor nodes communicating at short distance through wireless links. Sensors are densely deployed to collect and transmit data of the physical world to one or few destinations called the sinks. Because of open deployment in hostile environment and the use of low-cost materials, powerful adversaries could capture them to extract sensitive information (encryption keys, identities, addresses, etc.). When nodes may be compromised, “beyond cryptography” algorithmic solutions must be envisaged to complement the cryptographic solutions. This paper addresses the problem of nodes replication; that is, an adversary captures one or several nodes and inserts duplicated nodes at any location in the network. If no specific detection mechanisms are established, the attacker could lead many insidious attacks. In this work, we first introduce a new hierarchical distributed algorithm for detecting node replication attacks using a Bloom filter mechanism and a cluster head selection (see also Znaidi et al. (2009)). We present a theoretical discussion on the bounds of our algorithm. We also perform extensive simulations of our algorithm for random topologies, and we compare those results with other proposals of the literature. Finally, we show the effectiveness of our algorithm and its energy efficiency