Anish Mathuria

Efficient secure aggregation in sensor networks

In many applications of sensor networks, readings from sensor nodes are aggregated at intermediate nodes to reduce the communication cost. The messages that are relayed in the data aggregation hierarchy may need confidentiality. We present a secure data aggregation protocol for sensor networks that uses encryption for confidentiality, but without requiring decryption at intermediate nodes. A salient feature of the protocol is the use of two-hop pairwise keys to provide integrity while minimizing the communication required between the base station and sensor nodes. We analyze the performance of our protocol and compare its efficiency with a protocol proposed by Hu and Evans.

Some New Multi-Protocol Attacks

Security protocols are often designed and analyzed in isolation. In the real world, however, more than one protocol may be executed concurrently, possibly with the same keying material. An intruder may therefore be able to manipulate messages from different protocols in order to break the security of an otherwise secure protocol. Attacks involving interactions between different protocols, also referred to as multi-protocol attacks, have appeared less frequently in the literature than attacks involving single protocols. This paper presents multi-protocol attacks on several existing protocols that are believed to be resistant to attacks when used in isolation.

An extension to bellare and rogaway (1993) model: resetting compromised long-term keys

A security proof in the Bellare–Rogaway model and the random oracle model is provided for a protocol closely based on one originally proposed by Boyd (1996), which enjoys some remarkable efficiency properties. The model is extended so that it can detect a known weakness of the protocol that cannot be captured in the original model. An alternative protocol is proposed, provably secure in the extended model and the random oracle model, and offering the same efficiency features as the original protocol. Moreover, our alternative protocol provides key confirmation and forward secrecy. It also allows session keys to be renewed in subsequent sessions without the servers further involvement even in the event that the long-term key or the earlier session key have been compromised.

A Novel Key Update Protocol in Mobile Sensor Networks

Wireless Sensor Networks (WSN) have found applications in many areas including healthcare, military and behavior monitoring. However, due to various factors (e.g. use of a wireless channel, deployment in public and unattended areas), WSN applications are vulnerable to various attacks such as impersonation, replay, selective forwarding and sink hole. Therefore, security is an important issue to protect data in WSN. Several symmetric key based security schemes have been proposed in WSN for node authentication and secure data delivery. Most of the schemes are applicable for static WSN, where nodes once deployed, are not allowed to change their locations. However, depending on the application requirements, nodes in WSN may require to move from one place to another. The problem of authenticated pair-wise key update in dynamic WSN has not been addressed adequately in literature. In this paper, we propose a key update protocol which securely updates the session key between a pair of nodes with the help of random inputs in mobile sensor networks. Initially, a unique master key is obtained using symmetric bi-variate polynomial shares. This key is further used in authenticating and establishing the pair-wise key between a pair of nodes. Random inputs from both the participating nodes are used to update the pair-wise key in the mobile WSN setup. The security analysis shows that the proposed protocol resists known-key, impersonation, replay, worm and sink hole attacks. The proposed protocol also provides forward secrecy, key freshness, and mutual key control.

Key Agreement Protocols

Key agreement, as the name implies, is a process in which principals cooperate in order to establish a session key. Amongst the class of public key protocols for key establishment without a server, key agreement has become much more popular than key transport in recent years. There is an intuitive feeling that key agreement is ‘fairer’ than key transport and can result in higher quality random keys than key transport. In addition, by basing key agreement on the Diffie—Hellman protocol, forward secrecy can often be achieved. We will consider these points further below. Notice that key agreement does not have to use public key cryptography but most examples do so. In this chapter we look only at key agreement based on public key cryptography; some examples of key agreement using symmetric cryptography are discussed in Chap. 3.

On Anonymous Attribute Based Encryption

Attribute Based Encryption ABE has found enormous scope in data confidentiality and fine-grained access control of shared data stored in public cloud. Classical ABE schemes require attaching the access policy along with the ciphertext, where the access policy describes required attribute values of a receiver. As attributes of a receiver i.e., user could relate to the identity of users, it could lead to reveal some sensitive information of the ciphertext e.g. nature of plaintext, action sought from of receiver for applications like healthcare, financial contract, bureaucracy, etc. Therefore, anonymizing attributes while sending ciphertext in use of ABE schemes, known as Anonymous ABE AABE, is a promising primitive for enforcing fine-grained access control as well as preserving privacy of the receiver. In ASIACCS 2013, Zhang et al. proposed an AABE scheme using the match-then-decrypt [1] technique, where before performing decryption, the user performs a match operation that ensures a user whether he is the intended recipient for the ciphertext or not. We found that Zhang et al.s scheme [1] is not secure, in particular, it fails to achieve receivers anonymity. In this paper, we discuss the security weaknesses of Zhang et al.s scheme. We show that an adversary can successfully check whether an attribute is required to decrypt a ciphertext, in turn, reveal the receivers identity. We also suggest an improved scheme to overcome the security weakness of Zhang eti?źal.s scheme.

Program Integrity Verification for Detecting Node Capture Attack in Wireless Sensor Network

Wireless Sensor Networks WSNs are used in various applications mostly in hostile and emergency environments e.g. battle field surveillance, monitoring of nuclear activities, etc. The unattended deployment of WSNs, unreliable wireless communication and inherent resource constraints necessitate addressing the security of the WSNs in an efficient and economical way. In this paper, a node program integrity verification protocol is proposed in which the cluster heads are equipped with Trusted Platform Module TPM and serve as the verifiers. The protocol aims to first ensure the authentication of the verifier by a node, thereby, only an authenticated verifier is allowed to verify the authenticity and the integrity of the program of a node within its cluster. The proposed protocol also ensures that capture of one node does not reveal the secret of any other node in the network to the adversary. In addition to this, the protocol is secured against node collusion, man-in-the-middle and impersonation attacks. Since, the proposed protocol considers TPMs only at the cluster heads, unlike fully TPM enabled WSN, the overall network deployment cost is reduced. The aim of the proposed protocol is to provide program integrity verification for detecting node capture attack in a WSN with reduced computational, communication and storage cost overhead compared to the existing protocols for program integrity verification. The performance analysis and the simulation results verify the performance improvement.

Detecting flaws in dynamic hierarchical key management schemes using specification animation

In key assignment schemes for hierarchical access control systems, each access class has a key associated with it that can be used to derive the keys associated with every descendant of that class. Many recently proposed key assignment schemes support updates to the hierarchy such as addition and deletion of classes and class relationships. The dynamic changes entail a change to the hierarchy as well as re-computing of public and secret information. In this paper, we describe a software tool that supports the animation of specifications of dynamic schemes. The specification of a scheme, written in Prolog, corresponds to a symbolic model of the algorithms used by the scheme for key generation and for handling dynamic changes. The tool allows us to generate a test hierarchy, generate keys for the classes in the hierarchy, and simulate various dynamic operations. The animation search using the tool has shown to be useful in finding previously unreported attacks on several existing dynamic schemes.

Security analysis of the Louis protocol for location privacy

Many location-based services for alerting persons of nearby friends have been deployed in practice. A drawback of most approaches to providing such services is that friends always learn each others location even when they are not actually nearby. The Louis protocol proposed by Zhong, Goldberg and Hengartner aims to ensure that a friends location is revealed to another friend if and only if the friends are actually nearby. The protocol lets a third party learn whether the friends are nearby, without the third party learning their location. The third party communicates the answer to the person who invokes the service. A key feature of the protocol is that a person can detect misbehavior by the third party or the persons friend. This paper reveals a flaw in the way the protocol handles the detection of the misbehaving party, leading to an unauthorized disclosure of a persons location. Two alternatives for fixing the flaw in the protocol are proposed and a heuristic analysis is given.

An efficient key assignment scheme for access control in a hierarchy

This paper examines a hash based hierarchical access control scheme proposed by Yang and Li. It is shown that the scheme suffers from the ex-member access problem. A new hash based scheme that avoids the ex-member problem is proposed. Our scheme has the following advantages: (i) it uses less private storage per node; (ii) addition or deletion of nodes and users does not require rekeying of all nodes; and (iii) the static version of the scheme carries a proof of security. A hash based scheme recently proposed by Atallah, Frikken and Blanton also has these properties. Compared to their scheme, our scheme requires less public storage space for tree hierarchies.