Similar literature
Found 20 similar documents; search took 171 ms
1.
Issa, Saurabh, Ness. Ad hoc Networks, 2007, 5(3): 360-391
Wireless sensor networks are increasingly being used in applications where the communication between nodes needs to be protected from eavesdropping and tampering. Such protection is typically provided using techniques from symmetric key cryptography. The protocols in this domain suffer from one or more of the following problems—weak security guarantees if some nodes are compromised, lack of scalability, high energy overhead for key management, and increased end-to-end data latency. In this paper, we propose a protocol called Secos that mitigates these problems in static sensor networks. Secos divides the sensor field into control groups each with a control node. Data exchange between nodes within a control group happens through the mediation of the control head which provides the common key. The keys are refreshed periodically and the control nodes are changed periodically to enhance security. Secos enhances the survivability of the network by handling compromise and failures of control nodes. It provides the guarantee that the communication between any two sensor nodes remains secure despite the compromise of any number of other nodes in the network. The experiments based on a simulation model show a seven time reduction in energy overhead and a 50% reduction in latency compared to SPINS, which is one of the state-of-the-art protocols for key management in sensor networks.

2.
A two-tiered architecture with resource-rich master nodes at the upper tier and resource-poor sensor nodes at the lower tier is expected to be adopted in large scale sensor networks. In a hostile environment, adversaries are more motivated to compromise the master nodes to break the authenticity and completeness of query results, whereas there is at present a lack of light and secure query processing protocols in tiered sensor networks. In this paper, we study the problem of verifiable fine-grained top-$k$ queries in two-tiered sensor networks, and propose a novel verification scheme, which is named Verification Scheme for Fine-grained Top-$k$ Queries (VSFTQ). To make top-$k$ query results verifiable, VSFTQ establishes relationships among data items of each sensor node using their orders, which are encrypted together with the scores of the data items and the interested time epoch number using distinct symmetric keys kept by each sensor node and the network owner. Both theoretical analysis and simulation results show that VSFTQ can not only ensure high probability of detecting forged and/or incomplete query results, but also significantly decrease the amount of verification information when compared with existing schemes.

3.
We address the problem of detecting a rogue base station (BS) in WiMax/802.16 wireless access networks. A rogue BS is a malicious station that impersonates a legitimate access point (AP). The rogue BS attack represents a major denial-of-service threat against wireless networks. Our approach is based on the observation that inconsistencies in the signal strength reports received by the mobile stations (MSs) can be seen if a rogue BS is present in a network. These reports can be assessed by the legitimate base stations, for instance, when a mobile station undertakes a handover towards another BS. Novel algorithms for detecting violations of received signal strength reports consistency are described in this paper. These algorithms can be used by an intrusion detection system localized on the legitimate BSs or on a global network management system operating the BSs.

4.
Node replication attacks pose a higher level of threat in wireless sensor networks. A replicated node takes advantage of having the legal identity of the compromised node to control the network traffic and inject malicious information into the network. Several techniques have been proposed to detect node replication in wireless sensor networks. However, in most of these techniques, the responsibility for replica detection lies either with the base station or a few randomly selected witness nodes. In this paper, we propose a technique for detecting replicas without the participation of base station and witness nodes. In the proposed scheme, each node is assigned a color (value), which is unique within its neighborhood. A color conflict within the neighborhood of a node is detected as a replica. We made a comparison of the proposed scheme with RED (Conti et al. in IEEE Trans Dependable Secure Comput 8(5):685–698, 2011), LSM (Parno et al. in Proceedings of IEEE symposium on security and privacy. IEEE, pp 49–63, 2005), and SET (Choi et al. in Proceedings of third international conference on security and privacy in communications networks and the workshops, SecureComm 2007. IEEE, pp 341–350, 2007). Parameters considered for comparison are detection probability, communication complexity and storage overhead. We observed that the proposed scheme has a higher detection probability, and lower communication and storage overhead.

5.
This paper introduces a new environment for developing distributed systems. It is based on the TURTLE UML profile. Analysis and design phases, described in previous papers, have been extended with an additional deployment phase. In this new step, TURTLE components are deployed over hardware execution nodes, and nodes are connected together throughout links. TURTLE deployment diagrams are given a formal semantics in RT-LOTOS, therefore following the approach used for TURTLE analysis and design diagrams. Moreover, the paper presents a Java code generator which outputs appropriate Java code for TURTLE deployment diagrams. This code is automatically deployable on networks because it implements node communication using network protocols such as UDP or RMI. TTool, the TURTLE toolkit, has been extended to support these new diagrams and code generators. The attack of protected data exchanged throughout secured HTTP sessions serves as example.

6.
Performance evaluation of TCP traffic in OBS networks has been under intensive study, since TCP constitutes the majority of Internet traffic. As a reliable and publicly available simulator, ns2 has been widely used for studying TCP/IP networks; however ns2 lacks many of the components for simulating optical burst switching networks. In this paper, an ns2 based OBS simulation tool (nOBS), which is built for studying burst assembly, scheduling and contention resolution algorithms in OBS networks is presented. The node and link objects in OBS are extended in nOBS for developing optical nodes and optical links. The ingress, core and egress node functionalities are combined into a common optical node architecture, which comprises agents responsible for burstification, routing and scheduling. The effects of burstification parameters, e.g., burstification timeout, burst size and number of burstification buffers per egress node, on TCP performance are investigated using nOBS for different TCP versions and different network topologies.

7.
This paper presents a novel active architecture for building and deploying network services: ASWA, Web Services based Active network Architecture. At the architectural level, ASWA defines an active node whose functionalities are divided into the Node Operating System, the Execution Environment, and the Active Applications. At the implementation level, ASWA is a Web Services based platform where new components could be added and deployed, in order to dynamically modify network nodes behavior. Applications can be developed with any language and communicate across heterogeneous environments, and across Internet and Intranet structures. At the deployment level, ASWA uses an active node approach, and offers a controlled deployment mode. In terms of security, authentication of deployed code and protection of the nodes is achieved by the use of HTTPS and the header extensions of the SOAP envelope. Finally, to validate this architecture, ASWA defines a Firewall as an Active Application to secure the code deployment.

8.
The \(\mathsf{ASASA}\) construction is a new design scheme introduced at Asiacrypt 2014 by Biryukov, Bouillaguet and Khovratovich. Its versatility was illustrated by building two public-key encryption schemes, a secret-key scheme, as well as super S-box subcomponents of a white-box scheme. However, one of the two public-key cryptosystems was recently broken at Crypto 2015 by Gilbert, Plût and Treger. As our main contribution, we propose a new algebraic key-recovery attack able to break at once the secret-key scheme as well as the remaining public-key scheme, in time complexity \(2^{63}\) and \(2^{39}\), respectively (the security parameter is 128 bits in both cases). Furthermore, we present a second attack of independent interest on the same public-key scheme, which heuristically reduces the problem of breaking the scheme to an \(\mathsf{LPN}\) instance with tractable parameters. This allows key recovery in time complexity \(2^{56}\). Finally, as a side result, we outline a very efficient heuristic attack on the white-box scheme, which breaks instances claiming 64 bits of security under one minute on a laptop computer.

9.
The performance of two-way relay (TWR)-assisted mixed radio-frequency/free-space optical (RF/FSO) system is evaluated in this letter. The proposed system employs decode-and-forward relaying phenomena where the relay is basically an interfacing node between two source nodes \(S_1\) and \(S_2\), where \(S_1\) supports RF signal, while \(S_2\) supports FSO signal. The TWR-assisted system helps in achieving spectral efficiency by managing bidirectional communication in three time slots, thus maximizing the achievable rate of the network. The RF link is subjected to generalized \(\eta-\mu\) distribution, and the optical channel is affected by path loss, pointing errors and gamma–gamma (GG) distributed atmospheric turbulence. The novel expressions for the probability density function and cumulative distribution function of the equivalent end-to-end signal-to-noise ratio (SNR) are derived. Capitalizing on these derived statistics of end-to-end SNR, the expressions of outage probability and the bit-error rate for different binary modulations and M-ary modulations are provided.

10.
Seamless handover between the evolved universal terrestrial radio access network and other access networks is highly desirable to mobile equipments in the long term evolution (LTE) or LTE-Advanced (LTE-A) networks, but ensuring security and efficiency of this process is challenging. In this paper, we propose a novel privacy-preserving with non-frameability handover authentication protocol based on (t, n) secret sharing to fit in with all of the mobility scenarios in the LTE/LTE-A networks, which is called Nframe. To the best of our knowledge, Nframe is the first to support protecting users’ privacy with non-frameability in the handover process. Moreover, Nframe uses pairing-free identity based cryptographic method to secure handover process and to achieve high efficiency. The formal verification by the AVISPA tool shows that Nframe is secure against various malicious attacks and the simulation result indicates that it outperforms the existing schemes in terms of computation and communication cost.

11.
Broadcast is a fundamental operation in wireless sensor networks (WSNs). Given a source node with a packet to broadcast, the aim is to propagate the packet to all nodes in a collision free manner whilst incurring minimum latency. This problem, called minimum latency broadcast scheduling (MLBS), has been studied extensively in wireless ad-hoc networks whereby nodes remain on all the time, and has been shown to be NP-hard. However, only a few studies have addressed this problem in the context of duty-cycled WSNs. In these WSNs, nodes do not wake-up simultaneously, and hence, not all neighbors of a transmitting node will receive a broadcast packet at the same time. Unfortunately, the problem remains NP-hard and multiple transmissions may be necessary due to different wake-up times. Henceforth, this paper considers MLBS in duty cycled WSNs and presents two approximation algorithms, BS-1 and BS-2, that produce a maximum latency of at most \((\Delta -1) TH\) and \(13TH\) respectively. Here, \(\Delta\) is the maximum degree of nodes, \(T\) denotes the number of time slots in a scheduling period, and \(H\) is the broadcast latency lower bound obtained from the shortest path algorithm. We evaluated our algorithms under different network configurations and confirmed that the latencies achieved by our algorithms are much lower than existing schemes. In particular, compared to OTAB, the best broadcast scheduling algorithm to date, the broadcast latency and transmission times achieved by BS-1 is at least \(\frac{1}{17}\) and \(\frac{2}{5}\) that of OTAB respectively.

12.
Internet-based mobile ad hoc network (IMANET) is an emerging technique that combines a wired network (e.g. Internet) and a mobile ad hoc network (MANET) for developing a ubiquitous communication infrastructure. To fulfill users’ demand to access various kinds of information, however, an IMANET has several limitations such as limited accessibility to the wired Internet, insufficient wireless bandwidth, and longer message latency. In this paper, we address the issues involved in information search and access in IMANETs. An aggregate caching mechanism and a broadcast-based Simple Search (SS) algorithm are proposed for improving the information accessibility and reducing average communication latency in IMANETs. As a part of the aggregate cache, a cache admission control policy and a cache replacement policy, called Time and Distance Sensitive (TDS) replacement, are developed to reduce the cache miss ratio and improve the information accessibility. We evaluate the impact of caching, cache management, and the number of access points that are connected to the Internet, through extensive simulation. The simulation results indicate that the proposed aggregate caching mechanism can significantly improve an IMANET performance in terms of throughput and average number of hops to access data items.

13.
In this paper the per-node throughput and end-to-end delay of randomly deployed (i.e. ad-hoc) hybrid radio frequency - free space optics (RF/FSO) networks are studied. The hybrid RF/FSO network consists of an RF ad hoc network of n nodes, f(n) of them, termed ‘super nodes’, are equipped with an additional FSO transceiver with transmission range s(n). Every RF and FSO transceiver is able to transmit at a maximum data rate of \(W_1\) and \(W_2\) bits/sec, respectively. An upper bound on the per node throughput capacity is derived. In order to prove that this upper bound is achievable, a hybrid routing scheme is designed whereby the data traffic is divided into two classes and assigned different forwarding strategies. The capacity improvement with the support of FSO nodes is evaluated and compared against the corresponding results for pure RF wireless networks. Under optimal throughput scaling, the scaling of average end-to-end delay is derived. A significant gain in throughput capacity and a notable reduction in delay will be achieved if \(f(n) = \Omega\left(\frac{1}{s(n)}\sqrt{\frac{n}{\log n}}\cdot \frac{W_1}{W_2} \right)\). Furthermore, it is found that for fixed \(W_1\), f(n) and n where f(n) < n, there is no capacity incentive to increase the FSO data rate beyond a critical value. In addition, both throughput and delay can achieve linear scaling by properly adjusting the FSO transmission range and the number of FSO nodes.

14.
This paper presents efficient protocols for securely computing the following two problems: (1) The fundamental problem of pattern matching. This problem is defined in the two-party setting, where party \(P_1\) holds a pattern and party \(P_2\) holds a text. The goal of \(P_1\) is to learn where the pattern appears in the text, without revealing it to \(P_2\) or learning anything else about \(P_2\)’s text. This problem has been widely studied for decades due to its broad applicability. We present several protocols for several notions of security. We further generalize one of our solutions to solve additional pattern matching-related problems of interest. (2) Our construction from above, in the malicious case, is based on a novel protocol for secure oblivious automata evaluation which is of independent interest. In this problem, party \(P_1\) holds an automaton and party \(P_2\) holds an input string, and they need to decide whether the automaton accepts the input, without learning anything else. Our protocol obtains full security in the face of malicious adversaries.

15.
16.
Yu Liu, Yang Li, Hong Man. Annals of Telecommunications, 2006, 61(3-4): 357-378
Most existing intrusion detection systems (IDSs) for ad hoc networks are proposed for single layer detection. Although they may apply to other layers of network protocol stack, individual layers of data are still being analyzed separately. In addition, most have not been able to emphasize localization of attack source. In this paper, we propose an anomaly-based IDS that utilizes cross-layer features to detect attacks, and localizes attack sources within one-hop perimeter. Specifically, we suggest a compact feature set that incorporates intelligence from both MAC layer and network layer to profile normal behaviors of mobile nodes; we adapt a data mining anomaly detection technique from wired networks to ad hoc networks; and we develop a novel collaborative detection scheme that enables the IDS to correlate local and global alerts. We validate our work through ns-2 simulation experiments. Experimental results demonstrate the effectiveness of our method.

17.
Packet delay control in mobile ad hoc networks (MANETs) is critical to support delay-sensitive applications in such networks. By combining erasure coding and packet redundancy techniques, this paper proposes a general two-hop relay algorithm 2HR-\((x,\tau,f)\) for a flexible control of packet delivery delay in MANETs, where a group of x packets in source node are first encoded into \(x\cdot \tau\) encoded packets based on erasure coding, and each encoded packet is then delivered to at most f distinct relay nodes (f-cast) that will help to forward the encoded packet to destination node. To understand the delay performance in a 2HR-\((x,\tau,f)\) MANET, we then develop a discrete time multi-dimensional Markov chain model to depict the packet delivery process in the network, based on which closed-form results on mean and variance of packet delivery delay are further derived. Finally, extensive simulation and theoretical results are provided to illustrate the efficiency of our delay models as well as the capability of the 2HR-\((x,\tau,f)\) algorithm in delay control.

18.
Focusing on a large-scale wireless sensor network with multiple base stations (BS), a key management protocol is designed in this paper. For securely relaying data between a node and a base station or two nodes, an end-to-end data security method is adopted by this protocol. Further employing a distributed key revocation scheme to efficiently remove compromised nodes then forms our key management protocol called multi-BS key management protocol (MKMP). Through performance evaluation, we show that MKMP outperforms LEDS (Ren et al., IEEE Trans Mobile Comput 7(5):585–598, 2008) in terms of efficiency of resilience against the node capture attack. With the analysis of key storage overheads, we demonstrate that MKMP performs better than mKeying (Wang et al., A key management protocol for wireless sensor networks with multiple base stations. In: Proceedings of ICC'08, pp 1625–1629, 2008) in terms of this overhead.

19.
In this paper, the problems of stability and decentralized control are studied for a class of linear coupled dynamical networks with Fornasini–Marchesini second local state-space dynamics. Necessary and sufficient stability conditions are obtained for a class of linear network composed by $N$ identical nodes. Effects of the interconnection on stability of network are presented by eigenvalues of the topological matrix, and the effectiveness of interconnection on network stability is pointed out. Moreover, the decentralized control laws are presented for two types of linear regular networks: star-shaped coupled networks and globally coupled networks in detail. The relationships between the stability of a network and the stability of its corresponding nodes are studied. It is shown that some nodes must be made stable in order to stabilize the whole network in some cases. However, the detailed relationship is needed to be further investigated.

20.
A Distributed Denial of Service (DDoS) attack consumes the resources of a remote host or network by sending a massive amount of IP packets from many distributed hosts. It is a pressing problem on the Internet as demonstrated by recent attacks on major e-commerce servers and ISPs. Since the attack is distributed and the attack tools evolve at a rapid and alarming rate, an effective solution must be formulated using a distributed and adaptive approach. In this paper, we propose a countermeasure against DDoS attacks using a method we call Active Shaping. Our method employs the Active Networks technologies, which incorporates programmability into network nodes. The Active Networks technology enables us to deter congestion and bandwidth consumption of the backbone network caused by DDoS attacks, and to prevent our system from dropping packets of legitimate users mistakenly. This paper introduces the concept of our method, system design and evaluates the effectiveness of our method using a prototype.
