Angelo Capossele

AGREE: exploiting energy harvesting to support data-centric access control in WSNs

This work is motivated by a general question: can energy harvesting capabilities embedded in modern sensor nodes be exploited so as to support security mechanisms which otherwise would be too demanding and hardly viable? More specifically, in this work we focus on the support of extremely powerful, but complex, fine-grained data-centric access control mechanisms based on multi-authority Ciphertext Policy Attribute Based Encryption (CP-ABE). By integrating access control policies into the (encrypted) data, such mechanisms do not require any server-based access control infrastructure and are thus highly desirable in many wireless sensor network scenarios. However, as concretely shown by a proof-of-concept implementation first carried out in this paper on TelosB and MicaZ motes, computational complexity and energy toll of state-of-the-art multi-authority CP-ABE schemes is still critical. We thus show how to mitigate the relatively large energy consumption of the CP-ABE cryptographic operations by proposing AGREE (Access control for GREEn wireless sensor networks), a framework that exploits energy harvesting opportunities to pre-compute and cache suitably chosen CP-ABE-encrypted keys, so as to minimize the need to perform CP-ABE encryptions when no energy from harvesting is available. We assess the performance of AGREE by means of simulation and actual implementation, validating its operation with real-world energy-harvesting traces collected indoors by TelosB motes equipped with photovoltaic cells, as well as public available traces of radiant light energy. Our results show that complex security mechanisms may become significantly less demanding when implemented so as to take advantage of energy harvesting opportunities.

Security as a CoAP resource: An optimized DTLS implementation for the IoT

The growing number of applications based on Internet of Things (IoT) technologies is pushing towards standardized protocol stacks for machine-to-machine (M2M) communication and the adoption of standard-based security solutions, such as the Datagram Transport Layer Security (DTLS). Despite the huge diffusion of DTLS, there is a lack of optimized implementations tailored to resource constrained devices. High energy consumption and long delays of current implementations limit their effective usage in real-life deployments. The aim of this paper is to explain how to integrate the DTLS protocol inside the Constrained Application Protocol (CoAP), exploiting Elliptic Curve Cryptography (ECC) optimizations and minimizing ROM occupancy. We have implemented our solution on an off-the-shelf mote platform and evaluated its performance. Results show that our ECC optimizations outperform priors scalar multiplication in state of the art for class 1 mote platforms, and improve network lifetime by a factor of up to 6.5 with respect to a standard-based not optimized implementation.

Flexible key exchange negotiation for wireless sensor networks

Despite recent improvements of the capabilities of Wireless Sensor Networks (WSN) nodes, network protocol support for key management is still lagging behind. While in traditional networks well known protocol suites (e.g., IPsec IKE and the TLS handshake), are commonly used for flexible negotiation of the cryptographic and key exchange protocols, to the best of our knowledge no similar support has been provided for the same operation in WSNs. The goal of this paper is therefore threefold. We discuss the design of a flexible security negotiation protocol for WSNs, and we suggest to adapt TLS handshake ideas to obtain maximum flexibility. We design and implement a security association set up protocol, tailored to the resource constraints and limits of WSN nodes. Finally, we run an experimental assessment of this protocol operations in support of RSA key transport, Elliptic Curve Diffie-Hellman key agreement, and Identity Based Encryption key agreement.

Counteracting Denial-of-Sleep Attacks in Wake-Up-Radio-Based Sensing Systems

Wake-up-radio-based sensing systems make use of radio- triggering techniques and ultra-low power wake-up receivers (WuRs) to enable on-demand asynchronous network wake ups. Thanks to this, they have the potential to achieve low latency data collection at minimum energy cost, thus meeting the challenging lifetime and quality-of-service demands of emerging Internet of Things (IoT) and Wireless Sensor Networks (WSNs) applications. However, the fact that nodes can be remotely activated on-demand makes wake-up-radio-based networks vulnerable to energy exhausting attacks. In this paper, with a focus on practical implementation and validation, we present a full-fledged solution to counteract Denial-of-Sleep (DoS) attacks to wake-up-radio-based sensing systems. A core component of our proposed solution is a key exchange protocol based on Elliptic Curve Cryptography (the Fully Hashed MQV protocol), which we use in conjunction with implicit certificates.

R-CARP: A Reputation Based Channel Aware Routing Protocol for Underwater Acoustic Sensor Networks

In this paper we introduce R-CARP, a reputation based channel aware routing protocol for underwater acoustic sensor networks (UASNs). While many routing protocols have been proposed for UASNs, solutions to secure routing protocols from attacks such as sinkhole attack and selective forwarding are still overlooked. These routing attacks can dramatically disrupt network performance, especially in some application scenarios such as homeland security and critical infrastructure monitoring, where a high reliability on message delivery is required. Designing secure and reliable protocols for UASNs is particularly challenging due to acoustic modems unique characteristics such as low bandwidth and bit rate, high propagation delays and high energy consumption when in transmit mode. The aim of this work is therefore to propose R-CARP, a secure and reliable routing protocol tailored to such communication constrained environment. R-CARP is an improved version of CARP, the channel aware routing protocol presented in [5], enriched with a reputation based mechanism to contrast malicious node behavior. To secure R-CARP we employ BLS, a short digital signature algorithm, exploiting its aggregation property to reduce the additional communication overhead. By means of simulation based performance evaluation, we show that, under attack, R-CARP is effective at bypassing malicious nodes and outperforms CARP in terms of packet delivery ratio (PDR) and energy per bit (EPB) by a factor of up to 2, at the cost of a slight increment in terms of latency.

Low-Cost Standard Signatures for Energy-Harvesting Wireless Sensor Networks

This work is motivated by a general question: can micro-scale energy-harvesting techniques be exploited to support low-cost standard security solutions on resource-constrained devices? We focus on guaranteeing integrity and authentication in Internet of Things (IoT) and Wireless Sensor Network (WSN) applications. In this article, we propose techniques to make ECDSA signatures low cost and implementable on resource-constrained devices. By combining precomputation techniques and energy-harvesting capabilities of modern sensor nodes, we achieve significant improvement over prior works. In addition, we show that the cost of ECDSA signatures can be reduced by up to a factor 10 by using harvesting-aware optimizations.

HELIOS: Outsourcing of Security Operations in Green Wireless Sensor Networks

Energy-harvesting techniques for low-power embedded devices are opening up new opportunities for the design and optimization of security protocols for Green Wireless Sensor Networks. In this paper, we focus on scenarios where the energy resources of nodes in the network are heterogeneous, and propose a network-level solution that leverages the heterogeneity of harvesting capabilities to reduce the energy consumption of performing costly security operations. Our proposed distributed protocol, called HELIOS (Harvesting- EnabLed computatIon Outsourcing Scheme), allows nodes with scarce energy availability to outsource resource-demanding cryptographic operations to nodes that are harvesting power in excess, resulting in a significant reduction of their energy consumption.

Securing Underwater Communications: Key Agreement based on Fully Hashed MQV

This paper concerns the implementation and testing of a protocol that two honest parties can efficiently use to share a common secret session key. The protocol, based on the Fully Hashed Menezes-Qu-Vanstone (FHMQV) key agreement, is optimized to be used in underwater acoustic communications, thus enabling secure underwater acoustic networking. Our optimization is geared towards obtaining secure communications without affecting network performance by jointly keeping security-related overhead and energy consumption at bay. Implementation and testing experiments have been performed with the SUNSET SDCS framework and its SecFUN extension using as hardware two submerged acoustic modems. Results show that our approach imposes a low computational burden to the underwater node, which implies low local energy consumption. This is due to the fact the FHMQV protocol is highly efficient resulting in a small number of operations with a low computation cost. In addition the use of elliptic curves allows to further reduce the computational overhead.