Publication


Featured research published by Aldar C.-F. Chan.


ACM Transactions on Sensor Networks | 2009

Efficient and provably secure aggregation of encrypted data in wireless sensor networks

Claude Castelluccia; Aldar C.-F. Chan; Einar Mykletun; Gene Tsudik

Wireless sensor networks (WSNs) are composed of tiny devices with limited computation and battery capacities. For such resource-constrained devices, data transmission is a very energy-consuming operation. To maximize WSN lifetime, it is essential to minimize the number of bits sent and received by each device. One natural approach is to aggregate sensor data along the path from sensors to the sink. Aggregation is especially challenging if end-to-end privacy between sensors and the sink (or aggregate integrity) is required. In this article, we propose a simple and provably secure encryption scheme that allows efficient additive aggregation of encrypted data. Only one modular addition is necessary for ciphertext aggregation. The security of the scheme is based on the indistinguishability property of a pseudorandom function (PRF), a standard cryptographic primitive. We show that aggregation based on this scheme can be used to efficiently compute statistical values, such as mean, variance, and standard deviation of sensed data, while achieving significant bandwidth savings. To protect the integrity of the aggregated data, we construct an end-to-end aggregate authentication scheme that is secure against outsider-only attacks, also based on the indistinguishability property of PRFs.
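The abstract describes the construction at a high level: each sensor masks its reading with a PRF keystream by one modular addition, intermediate nodes add ciphertexts without any key, and the sink strips the keystreams of the sensors that contributed. The following Python sketch is an added example, not code from the paper or its authors. It assumes HMAC-SHA256 as the PRF, a 32-bit modulus M, a per-round nonce shared by all nodes, constructed sensor keys and readings, and that the set of contributing sensor IDs reaches the sink alongside the aggregate (the sink cannot subtract a keystream it does not know to include). Mean, variance and standard deviation are recovered by aggregating both E(x) and E(x^2).

```python
"""Additive aggregation of encrypted sensor readings (added example, not the paper's code).

Assumptions: each sensor shares a symmetric key with the sink; all nodes agree on a
fresh per-round nonce; the contributor set is delivered with the aggregate.
"""
import hashlib
import hmac

M = 2 ** 32          # modulus; must exceed the largest possible aggregate (n * max reading)
SUM_TAG = b"\x00"    # domain separation: one keystream for x, another for x^2
SQ_TAG = b"\x01"


def prf(key: bytes, nonce: int, tag: bytes) -> int:
    """One round's keystream: HMAC-SHA256 stands in for the PRF, reduced mod M."""
    msg = nonce.to_bytes(8, "big") + tag
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big") % M


def encrypt(key: bytes, nonce: int, tag: bytes, m: int) -> int:
    """c = m + PRF(k, nonce) mod M: a single modular addition on the sensor."""
    if not 0 <= m < M:
        raise ValueError("reading out of range")
    return (m + prf(key, nonce, tag)) % M


def aggregate(ciphertexts) -> int:
    """An aggregator adds ciphertexts without holding any key."""
    total = 0
    for c in ciphertexts:
        total = (total + c) % M
    return total


def decrypt_aggregate(keys, nonce: int, tag: bytes, c: int) -> int:
    """The sink subtracts the keystream of every contributor it knows about."""
    ks = sum(prf(k, nonce, tag) for k in keys) % M
    return (c - ks) % M


def sensor_round(key: bytes, nonce: int, reading: int):
    """Each sensor sends E(x) and E(x^2) so the sink can derive mean and variance."""
    return encrypt(key, nonce, SUM_TAG, reading), encrypt(key, nonce, SQ_TAG, reading ** 2)


def sink_statistics(keys: dict, nonce: int, packets: dict) -> dict:
    """Aggregate all packets, decrypt the two sums, and compute mean/variance/stddev."""
    contributing = [keys[sid] for sid in packets]   # IDs of contributors travel with the aggregate
    c_sum = aggregate(c for c, _ in packets.values())
    c_sq = aggregate(c2 for _, c2 in packets.values())
    n = len(packets)
    s1 = decrypt_aggregate(contributing, nonce, SUM_TAG, c_sum)
    s2 = decrypt_aggregate(contributing, nonce, SQ_TAG, c_sq)
    mean = s1 / n
    variance = s2 / n - mean ** 2
    return {"n": n, "sum": s1, "sum_sq": s2, "mean": mean,
            "variance": variance, "stddev": variance ** 0.5}


def demo() -> dict:
    # Constructed sample: four sensors reporting integer temperature readings.
    readings = {"s1": 20, "s2": 22, "s3": 25, "s4": 21}
    keys = {sid: hashlib.sha256(b"demo-key-" + sid.encode()).digest() for sid in readings}
    nonce = 1  # round counter; must never repeat under the same key
    packets = {sid: sensor_round(keys[sid], nonce, x) for sid, x in readings.items()}
    return sink_statistics(keys, nonce, packets)


if __name__ == "__main__":
    print(demo())
```

Two practical caveats follow directly from the construction: a repeated nonce turns the scheme into a two-time pad (the difference of two ciphertexts reveals the difference of the readings), and the scheme protects confidentiality only, so an aggregator can add arbitrary values to the sum unless the separate aggregate-integrity mechanism the abstract mentions is layered on top.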


International Conference on Computer Communications | 2004

Distributed symmetric key management for mobile ad hoc networks

Aldar C.-F. Chan

Key management is an essential cryptographic primitive upon which other security primitives are built. However, none of the existing key management schemes is suitable for ad hoc networks. They are either too inefficient, not functional on an arbitrary or unknown network topology, or not tolerant of a changing network topology or link failures. Recent research on distributed sensor networks suggests that key pre-distribution schemes (KPS) are the only practical option for scenarios where the network topology is not known prior to deployment. However, all of the existing KPS schemes rely on a trusted third party (TTP), rendering them inapplicable in many ad hoc networking scenarios and thus restricting them from widespread use in ad hoc networks. To eliminate this reliance on a TTP, we introduce the distributed key pre-distribution scheme (DKPS) and construct the first DKPS prototype to realize fully distributed and self-organized key pre-distribution without relying on any infrastructure support. DKPS overcomes the main limitations of the previous schemes, namely the need for a TTP and an established routing infrastructure. It minimizes the requirements posed on the underlying networks and can be easily applied to the ad hoc networking scenarios where key pre-distribution schemes were previously inapplicable. Finally, DKPS is robust to changing topology and broken links and can work before any routing infrastructure has been established, thus facilitating the widespread deployment of secure ad hoc networks.


International Conference on Distributed Computing Systems | 2005

Scalable, Server-Passive, User-Anonymous Timed Release Cryptography

Aldar C.-F. Chan; Ian F. Blake

We consider the problem of sending messages into the future, commonly known as timed release cryptography. Existing schemes for this task either solve the relative time problem with uncontrollable, coarse-grained release time (time-lock puzzle approach) or do not provide anonymity to senders and/or receivers and are not scalable (server-based approach). Using a bilinear pairing on any Gap Diffie-Hellman group, we solve this problem by giving scalable, server-passive and user-anonymous timed release public-key encryption schemes allowing precise absolute release time specifications. Unlike the existing server-based schemes, the trusted time server in our scheme is completely passive: no interaction between it and the sender or receiver is needed, and it is not even aware of the existence of a user, thus assuring the privacy of a message and the anonymity of both its sender and receiver. In addition, our scheme has a number of desirable properties, including a single form of update for all users, self-authenticated time-bound key updates, and key insulation, making it a scalable and appealing solution. It could also be easily generalized to a more general policy lock mechanism.


ACM Transactions on Sensor Networks | 2011

A security framework for privacy-preserving data aggregation in wireless sensor networks

Aldar C.-F. Chan; Claude Castelluccia

A formal treatment of the security of Concealed Data Aggregation (CDA) and the more general Private Data Aggregation (PDA) is given. While a handful of constructions exist, rigorous security models and analyses for CDA or PDA are still lacking. Standard security notions for public key encryption, including semantic security and indistinguishability against chosen ciphertext attacks, are refined to cover the multi-sender nature and aggregation functionality of CDA and PDA in the security model. The proposed security model is sufficiently general to cover most application scenarios and constructions of privacy-preserving data aggregation. An impossibility result on achieving security against adaptive chosen ciphertext attacks in CDA/PDA is shown. A generic CDA construction based on public key homomorphic encryption is given, along with a proof of its security in the proposed model. The security of a number of existing schemes is analyzed in the proposed model.


International Conference on Communications | 2009

Symmetric-Key Homomorphic Encryption for Encrypted Data Processing

Aldar C.-F. Chan

The difficulty of processing data in encrypted form has long been the barrier to the widespread use of encryption in data storage applications; improved security or privacy has always implied a sacrifice of functionality. Many applications, such as ASP, that require a significant amount of processing at the data storage servers are hence precluded from using encryption to protect data privacy. To address this problem, this paper works on privacy homomorphism, which allows encrypted data to be operated on. Two additive homomorphic schemes, namely the Iterated Hill Cipher (IHC) and the Modified Rivest Scheme (MRS), are given. They are secure against ciphertext-only attacks and have the nice property that the same data may have different representations in the encrypted domain.


IEEE Journal on Selected Areas in Communications | 2014

Cyber–Physical Device Authentication for the Smart Grid Electric Vehicle Ecosystem

Aldar C.-F. Chan; Jianying Zhou

Entity authentication and related key management is an active research topic in smart grid security. However, existing works seem to have overlooked the significance of the smart grid being a cyber-physical system, which entails more considerations in the integration of its cyber and physical domains. Ignoring this could possibly undermine security, since the effects of cyber authorization in the smart grid are usually extended into the physical domain. The substitution attack, a kind of man-in-the-middle attack, has been demonstrated using this gap. This paper proposes a two-factor cyber-physical device authentication protocol to defend against coordinated cyber-physical attacks in the smart grid. The idea is to combine a novel contextual factor based on physical connectivity in the power grid with the conventional authentication factor in the challenge-response protocol widely used in cybersecurity. The resulting protocol provides assurance not only of the digital identity of a device but also of the device's controllability in the physical domain. While the design is for the electric vehicle ecosystem, the framework could be readily extended to other smart grid subsystems.


International Conference on Distributed Computing Systems | 2003

A graph-theoretical analysis of multicast authentication

Aldar C.-F. Chan

Message authentication is considered a serious bottleneck to multicast security, particularly for stream-type traffic. The technique of hash chaining/signature amortization has been proposed in many schemes for stream authentication, with or without multicast settings. However, none of them is optimal. They either have a large packet overhead or are not robust to packet loss. Some even have a large receiver delay or require a large receiver buffer size. These schemes are constructed by trial-and-error methods. There is a lack of tools to evaluate and compare their performance, and there is no systematic way to construct these schemes either. In this paper, we introduce the notion of dependence-graphs, which links these hash-chained authentication schemes to well-known graph theory and provides an effective analytical tool. Many important metrics of a hash-chained authentication scheme can be readily determined from its dependence-graph. As well, a dependence-graph demonstrates design tradeoffs and provides insights into optimizing hash-chained schemes.
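The metrics named in the abstract (packet overhead, robustness to loss, receiver delay, receiver buffer size) fall out of the graph once a scheme is written as one. The Python below is an added example, not the paper's tool or definitions: it models a scheme as a directed graph in which an edge i -> j means packet i carries a hash of packet j, with signed packets as roots, and simulates delivery under a chosen loss pattern. The two schemes compared (a forward chain signed at the start, and a backward chain with two hashes per packet signed at the end), the hash and signature sizes, and the loss pattern are all assumptions chosen to show the tradeoff.

```python
"""Dependence-graph model of hash-chained stream authentication (added example).

Edge i -> j: packet i carries H(packet j), so once i is authenticated, j is
authenticated by a hash comparison. Signed packets are the roots of the graph.
Assumed sizes: 32-byte hashes, 64-byte signatures.
"""
from collections import defaultdict

HASH_LEN = 32
SIG_LEN = 64


class DependenceGraph:
    def __init__(self, n: int, signed):
        self.n = n
        self.signed = set(signed)
        self.edges = defaultdict(set)  # carrier -> set of targets whose hash it carries

    def add_hash(self, carrier: int, target: int) -> None:
        if not (0 <= carrier < self.n and 0 <= target < self.n) or carrier == target:
            raise ValueError("bad edge")
        self.edges[carrier].add(target)

    def overhead(self, packet: int) -> int:
        """Authentication bytes on one packet: out-degree hashes, plus a signature on roots."""
        return HASH_LEN * len(self.edges[packet]) + (SIG_LEN if packet in self.signed else 0)

    def simulate(self, lost):
        """Deliver packets 0..n-1 in order, skipping `lost`.

        Returns (verified_at, unverifiable, max_buffer): verified_at[j] is the index of
        the packet whose arrival authenticated j (delay = verified_at[j] - j);
        unverifiable lists received packets no root reaches through received packets;
        max_buffer is the most packets ever held awaiting verification at once.
        """
        lost, received, verified_at, pending, max_buffer = set(lost), set(), {}, set(), 0
        for t in range(self.n):
            if t in lost:
                continue
            received.add(t)
            pending.add(t)
            if t in self.signed:
                verified_at[t] = t
                pending.discard(t)
            changed = True  # propagate authentication along edges until nothing new verifies
            while changed:
                changed = False
                for i in list(verified_at):
                    for j in self.edges[i]:
                        if j in received and j not in verified_at:
                            verified_at[j] = t
                            pending.discard(j)
                            changed = True
            max_buffer = max(max_buffer, len(pending))
        return verified_at, sorted(pending), max_buffer


def forward_chain(n: int) -> DependenceGraph:
    """P_0 signed, P_i carries H(P_{i+1}): no delay, but one loss breaks everything after it."""
    g = DependenceGraph(n, signed=[0])
    for i in range(n - 1):
        g.add_hash(i, i + 1)
    return g


def backward_chain(n: int, redundancy: int) -> DependenceGraph:
    """P_{n-1} signed, P_i carries H(P_{i-1})..H(P_{i-redundancy}): loss-tolerant, but
    nothing verifies until the signature packet arrives, so delay and buffer grow."""
    g = DependenceGraph(n, signed=[n - 1])
    for i in range(n):
        for d in range(1, redundancy + 1):
            if i - d >= 0:
                g.add_hash(i, i - d)
    return g


def compare(n: int, lost) -> dict:
    """Read the four metrics off each graph for one loss pattern."""
    report = {}
    for name, g in {"forward": forward_chain(n), "backward-2": backward_chain(n, 2)}.items():
        verified_at, unverifiable, buf = g.simulate(lost)
        delays = [verified_at[j] - j for j in verified_at]
        report[name] = {
            "max_overhead": max(g.overhead(p) for p in range(n)),
            "verified": len(verified_at),
            "unverifiable": unverifiable,
            "max_delay": max(delays) if delays else 0,
            "max_buffer": buf,
        }
    return report


if __name__ == "__main__":
    # Constructed scenario: eight packets, packet 3 lost in transit.
    for name, metrics in compare(8, {3}).items():
        print(name, metrics)
```

With packet 3 lost, the forward chain verifies only packets 0 to 2 and leaves the rest unverifiable, while the two-hash backward chain verifies every received packet but makes the receiver buffer six packets and wait until the signature packet arrives. Adding hashes to a packet moves it along exactly this tradeoff, which is what the graph makes visible.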


International Symposium on Information Theory | 2008

On the (Im)possibility of aggregate message authentication codes

Aldar C.-F. Chan; Claude Castelluccia

In data aggregation, multiple source nodes send their data to a sink along a concast tree with aggregation done en route, so that the sink can obtain the aggregate (which could be the sum, average, etc.) of all these data. End-to-end privacy and aggregate integrity are the two main goals of secure data aggregation. While the privacy goal has been widely studied, providing end-to-end aggregate integrity in the presence of possibly compromised aggregating nodes remains largely an open problem. Message Authentication Codes (MACs) are commonly used to provide end-to-end data integrity in two-party settings. Natural extensions of MACs to the data aggregation scenario are considered. It is shown that a straightforward and intuitive refinement of the MAC security model (for the data aggregation setting) is not achievable. A weaker security notion is proposed; whether this notion is achievable remains unclear.


IEEE International Conference on Personal Wireless Communications | 1997

Impacts of handoff on TCP performance in mobile wireless computing

Aldar C.-F. Chan; Danny H. K. Tsang; Swastik Gupta

The effects of intermittent disconnections due to host motion on the performance of TCP connections are investigated. Fading and handoff due to host motion cause increased delay and packet loss on the active transport-layer connection. TCP interprets these as signs of network congestion. As a result, it promptly throttles its transmissions and backs off its timers, leading to slow post-handoff recovery of the transmission and long idle time. These cause severe end-to-end throughput degradation and unreasonably long interactive delay for human interaction. We present three observed phenomena (long communication pause, slow post-handoff recovery, and successive timeouts) which are the main causes of the TCP performance degradation in the presence of handoff. To alleviate these effects on TCP, two schemes, PROBE and BUFFER+FREEZE, are proposed. PROBE makes TCP aware of mobility and adapts the protocol to the mobile environment, whereas BUFFER+FREEZE tries to hide the effects of motion from TCP by buffering at the base station and freezing the action of the TCP source.


IEEE Wireless Communications Letters | 2012

Distributed Private Key Generation for Identity Based Cryptosystems in Ad Hoc Networks

Aldar C.-F. Chan

Identity Based Cryptography (IBC) has the advantage that no public key certification is needed when used in a mobile ad hoc network (MANET). This is especially useful when bi-directional channels do not exist in a MANET. However, IBC normally needs a centralized server for issuing private keys for different identities. We give a protocol distributing this task among all users, thus eliminating the need for a centralized server in IBC for use in MANETs.

Collaboration

Top co-authors of Aldar C.-F. Chan:

Danny H. K. Tsang, Hong Kong University of Science and Technology
King-Tung Chan, The Chinese University of Hong Kong
T. S. Yum, The Chinese University of Hong Kong
Wing Lam Tam, The Chinese University of Hong Kong
Einar Mykletun, University of California
Gene Tsudik, University of California