Chris Karlof

Secure routing in wireless sensor networks: attacks and countermeasures

We consider routing security in wireless sensor networks. Many sensor network routing protocols have been proposed, but none of them have been designed with security as a goal. We propose security goals for routing in sensor networks, show how attacks against ad-hoc and peer-to-peer networks can be adapted into powerful attacks against sensor networks, introduce two classes of novel attacks against sensor networks sinkholes and HELLO floods, and analyze the security of all the major sensor network routing protocols. We describe crippling attacks against all of them and suggest countermeasures and design considerations. This is the first such analysis of secure routing in sensor networks.

TinySec: a link layer security architecture for wireless sensor networks

We introduce TinySec, the first fully-implemented link layer security architecture for wireless sensor networks. In our design, we leverage recent lessons learned from design vulnerabilities in security protocols for other wireless networks such as 802.11b and GSM. Conventional security protocols tend to be conservative in their security guarantees, typically adding 16--32 bytes of overhead. With small memories, weak processors, limited energy, and 30 byte packets, sensor networks cannot afford this luxury. TinySec addresses these extreme resource constraints with careful design; we explore the tradeoffs among different cryptographic primitives and use the inherent sensor network limitations to our advantage when choosing parameters to find a sweet spot for security, packet overhead, and resource requirements. TinySec is portable to a variety of hardware and radio platforms. Our experimental results on a 36 node distributed sensor network application clearly demonstrate that software based link layer protocols are feasible and efficient, adding less than 10% energy, latency, and bandwidth overhead.

A practical evaluation of radio signal strength for ranging-based localization

Radio signal strength (RSS) is notorious for being a noisy signal that is difficult to use for ranging-based localization. In this study, we demonstrate that RSS can be used to localize a multi-hop sensor network, and we quantify the effects of various environmental factors on the resulting localization error. We achieve 4.1m error in a 49 node network deployed in a half-football field sized area, demonstrating that RSS localization can be a feasible alternative to solutions like GPS given the right conditions. However, we also show that this result is highly sensitive to subtle environmental factors such as the grass height, radio enclosure, and elevation of the nodes from the ground.

The effects of ranging noise on multihop localization: an empirical study

This paper presents a study of how empirical ranging characteristics affect multihop localization in wireless sensor networks. We use an objective metric to evaluate a well-established parametric model of ranging called Noisy Disk: if the model accurately predicts the results of a real-world deployment, it sufficiently captures ranging characteristics. When the model does not predict accurately, we systematically replace components of the model with empirical ranging characteristics to identify which components contribute to the discrepancy. We reveal that both the connectivity and noise components of Noisy Disk fail to accurately represent real-world ranging characteristics and show that these shortcomings affect localization in different ways under different circumstances.

Design and implementation of a sensor network system for vehicle tracking and autonomous interception

We describe the design and implementation of PEG, a networked system of distributed sensor nodes that detects an uncooperative agent called the evader and assists an autonomous robot called the pursuer in capturing the evader. PEG requires embedded network services such as leader election, routing, network aggregation, and closed loop control. Instead of using general purpose distributed system solutions for these services, we employ whole-system analysis and rely on spatial and physical properties to create simple and efficient mechanisms. We believe this approach advances sensor network design, yielding pragmatic solutions that leverage physical properties to simplify design of embedded distributed systems. We deployed PEG on a 400 square meter field using 100 sensor nodes, and successfully intercepted the evader in all runs. We confronted practical issues such as node breakage, packaging decisions, in situ debugging, network reprogramming, and system reconfiguration. We discuss the approaches we took to cope with these issues and share our experiences in deploying a realistic outdoor sensor network system.

Conditioned-safe ceremonies and a user study of an application to web authentication

We introduce the notion of a conditioned-safe ceremony. A “ceremony” is similar to the conventional notion of a protocol, except that a ceremony explicitly includes human participants. Our formulation of a conditioned-safe ceremony draws on several ideas and lessons learned from the human factors and human reliability community: forcing functions, defense in depth, and the use of human tendencies, such as rule-based decision making. We propose design principles for building conditioned-safe ceremonies and apply these principles to develop a registration ceremony for machine authentication based on email. We evaluated our email registrationceremony with auser studyof 200participants. We designed our study to be as ecologically valid as possible: we employed deception, did not use a laboratory environment, and attempted to create an experience of risk. We simulated attacks against the users and found that email registration was significantly more secure than challenge question based registration. We also found evidence that conditioning helped email registration users resist attacks, but contributed towards making challenge question users more vulnerable.

Hidden Markov Model Cryptanalysis

We present HMM attacks, a new type of cryptanalysis based on modeling randomized side channel countermeasures as Hidden Markov Models (HMM’s). We also introduce Input Driven Hidden Markov Models (IDHMM’s), a generalization of HMM’s that provides a powerful and unified cryptanalytic framework for analyzing countermeasures whose operational behavior can be modeled by a probabilistic finite state machine. IDHMM’s generalize previous cryptanalyses of randomized side channel countermeasures, and they also often yield better results. We present efficient algorithms for key recovery using IDHMM’s. Our methods can take advantage of multiple traces of the side channel and are inherently robust to noisy measurements. Lastly, we apply IDHMM’s to analyze two randomized exponentiation algorithms proposed by Oswald and Aigner. We completely recover the secret key using as few as ten traces of the side channel.