Amar Rasheed

The Three-Tier Security Scheme in Wireless Sensor Networks with Mobile Sinks

Mobile sinks (MSs) are vital in many wireless sensor network (WSN) applications for efficient data accumulation, localized sensor reprogramming, and for distinguishing and revoking compromised sensors. However, in sensor networks that make use of the existing key predistribution schemes for pairwise key establishment and authentication between sensor nodes and mobile sinks, the employment of mobile sinks for data collection elevates a new security challenge: in the basic probabilistic and q-composite key predistribution schemes, an attacker can easily obtain a large number of keys by capturing a small fraction of nodes, and hence, can gain control of the network by deploying a replicated mobile sink preloaded with some compromised keys. This article describes a three-tier general framework that permits the use of any pairwise key predistribution scheme as its basic component. The new framework requires two separate key pools, one for the mobile sink to access the network, and one for pairwise key establishment between the sensors. To further reduce the damages caused by stationary access node replication attacks, we have strengthened the authentication mechanism between the sensor and the stationary access node in the proposed framework. Through detailed analysis, we show that our security framework has a higher network resilience to a mobile sink replication attack as compared to the polynomial pool-based scheme.

Key Predistribution Schemes for Establishing Pairwise Keys with a Mobile Sink in Sensor Networks

Security services such as authentication and pairwise key establishment are critical to sensor networks. They enable sensor nodes to communicate securely with each other using cryptographic techniques. In this paper, we propose two key predistribution schemes that enable a mobile sink to establish a secure data-communication link, on the fly, with any sensor nodes. The proposed schemes are based on the polynomial pool-based key predistribution scheme, the probabilistic generation key predistribution scheme, and the Q-composite scheme. The security analysis in this paper indicates that these two proposed predistribution schemes assure, with high probability and low communication overhead, that any sensor node can establish a pairwise key with the mobile sink. Comparing the two proposed key predistribution schemes with the Q-composite scheme, the probabilistic key predistribution scheme, and the polynomial pool-based scheme, our analytical results clearly show that our schemes perform better in terms of network resilience to node capture than existing schemes if used in wireless sensor networks with mobile sinks.

An Energy-Efficient Hybrid Data Collection Scheme in Wireless Sensor Networks

We propose an energy-efficient hybrid data collection architecture based on controllably mobile infrastructure for a class of applications in which sensor networks provide both low-priority and high-priority data. High-priority data require a data delivery scheme with low latency and high fidelity. Meanwhile low-priority data may tolerate high-latency data delivery. Our approach exploits the design of a network that supports a hybrid data delivery scheme to enhance the network performance and reduces total network energy usage. In our system design two delivery schemes are deployed for purposes of comparison. The first is the traditional ad hoc approach to deliver high-priority data with high fidelity and low latency. The second presents a controllable infrastructure in the sensor field, which acts as low-priority data collection agent. Through simulations, we show that our proposed approach can provide substantial energy saving in this class of sensor application compared to the traditional multihop approach used alone.

A key pre-distribution scheme for heterogeneous sensor networks

Key pre-distribution techniques developed recently to establish pairwise keys between nodes with no or limited mobility. Existing schemes make use of only one key pool to establish secure links between stationary and mobile nodes, allowing an attacker to easily gain control of the network by randomly compromising a small fraction of stationary nodes. A method of preventing this type of security breach is the use of separate key pools for mobile and stationary nodes, in which small fractions of stationary nodes are randomly pre-selected to help the mobile nodes establish links with stationary nodes. Analysis shows that with 10% of stationary nodes carry a key from the mobile key pool. To recover any key from the mobile key pool and gain control of the network, an attacker would have to capture 20.8 times more stationary nodes than if a single key pool is used for both mobile and stationary nodes.

An Efficient Key Distribution Scheme for Establishing Pairwise Keys with a Mobile Sink in Distributed Sensor Networks

Security services such as authentication and pair-wise key establishment are critical in sensor networks. They enable sensor nodes to communicate securely with each other using cryptographic techniques. In this paper, we propose a novel key predistribution scheme that enables a mobile sink to establish a secure data communication link with any sensor nodes on the fly. The proposed scheme is based on the polynomial pool-based key pre-distribution scheme and the scheme in [7]. The security analysis in this paper indicates that for a given node density of d sensors within the communication range of the mobile sink and with certain probabilities q and p, our scheme assures, with high probability, that any sensor node can establish a pair-wise key with the mobile sink. It remains perfectly secure up to the capture of a certain fraction of sensor nodes.

Mobile sink using multiple channels to defend against wormhole attacks in wireless sensor networks

Security is a necessity for many sensor-network applications. A particularly harmful attack against sensor networks is known as the wormhole attack, where an adversary tunnels the messages received in one part of the network over a low-latency link and replays them in a different part of the same network. This article presents the threat posed by wormhole attacks to wireless sensor networks with mobile sinks. A novel technique that involves leveraging channel diversity for defense against the wormhole attack has been proposed. Through quantitative analyses, it is shown that even when 50% of a sensor nodes neighbors are malicious devices, the provision of one extra available channel for communication with the mobile sink reduces the probability of a wormhole attack to almost zero.

Secure Data Collection Scheme in Wireless Sensor Network with Mobile Sink

Wireless sensor networks that use a mobile sink to collect sensor data along a predetermined path raise a new security challenge: without verifying the source of the data request message, the network will become vulnerable to attacks. We propose an efficient security scheme, which divides the sinkpsilas data collection path into grids, sensors in each grid, uses secret keying in-formation and collision-resistant hash functions to authenticate the source of beacons. Through probabilistic analysis and definitive simulation, the proposed scheme shows with 60% of the grids under wormhole attacks, the probability that a node reply to a malicious beacon is 0.1.

Private matching and set intersection computation in multi-agent and industrial control systems

Distributed autonomous systems that rely on dataset matching and set intersection computation for decision making capabilities are vulnerable to datasets poisoning attacks. Among these systems, Industrial Control Systems (ICS) operating on critical infrastructures. Attacker with a compromised Programmable Logic Controllers (PLCs) can take advantage of the PLC-to-PLC information sharing process to construct and inject anomalous data that target the result of dataset matching and set intersection computation and hence bring the process operations into unstable state. We introduce a protocol that utilizes secure hamming distance computation from oblivious transfer to compute a joint set between two systems agents that hold private input datasets of length n. The proposed protocol achieves full security in the semihonest model.

A trusted computing architecture for health care

Software integrity and medical data secrecy in health care applications are at risk. The existing health care computing infrastructures lack the support of critical cybersecurity features, such as dynamic software integrity verifications and role-based authorization. Health-related operations are being administered and delivered to patients without proper knowledge or awareness about the integrity status of the underlying software component. To address these problems, we propose a trusted computing architecture that supports the integration of: (1) fine-grained active medical software components integrity verification techniques and (2) fine-grained active role-based authorization mechanisms. The new architecture makes use of code attestation-based technology for isolating sensitive and safety-critical code execution in health-related applications, using a minimal Trusted Computing Base (TCB). With this architecture, caregivers can perform dynamic software integrity monitoring and active role-based authorization during their medical practice.

Dynamically reconfigurable AES cryptographic core for small, power limited mobile sensors

In this paper, we propose a dynamically run-time reconfigurable power aware cryptographic processor for secure autonomous encryption. The design proposes the implementation of a dynamically reconfigurable AES cryptography process on an FPGA. The proposed design encompasses a microarchitecture which is variously power, latency, and throughput optimized via hardware acceleration and partial reconfiguration by a multi-level autonomic controller and a data router to enable tradeoffs under changing operational requirements within resource constraints. The multi-level controller decides on the appropriate configuration based on varying operational workloads to characterize the effect that time-varying task parameters have on the hardware architecture, to enable a run-time tradeoff of performance and resources usage (Key length, computational efficiency, latency and throughput).